A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38916
https://github.com/pagekit/pagekit/issues/970
https://github.com…
WASM3 v0.5.0 was discovered to contain a segmentation fault via the component op_Select_i32_srs in wasm3/source/m3_exec.h.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-39974
https://github.com/wasm3/wasm3/issues/379
https://github.com/wasm3/wa…
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the string variable in babel.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37259
https://github.com/stealjs/steal/issues/1528
https://github.com/stealj…
Prototype pollution vulnerability in stealjs steal via the alias variable in babel.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37265
https://github.com/stealjs/steal/issues/1534
https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf…
Impact
Cross-site scripting (XSS) vulnerabilities have been reported to affect SFTPGo WebClient. If exploited, this vulnerability allows remote attackers to inject malicious code.
Patches
Fixed in v2.3.5.
References
https://github.com/drakkan/sftpgo/s…
Impact
It’s possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation.
More specifically, editing a right with the object editor leads to adding a supplementary empty value to groups which is then resolved as a refer…
Impact
A bug in the security cache is storing rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry.
That means that it’s possible to overwrite the rights of a space or a document by creating the page of the space with …
Impact
Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the seque…
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to …
Valine was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38545
https://github.com/xCss/Valine/issues/…
