トピトピニュース

Author: GitHub (1143 Posts)

Featured

  • Posted by GitHub: [github.com/crewjam/saml] crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
  • Posted by GitHub: [org.keycloak:keycloak-core] Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
  • Posted by GitHub: [bitlyshortener] Package discontinued because Bitly lowered the free quota
  • Posted by GitHub: [baserproject/basercms] baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability

[rdiffweb] rdiffweb 2.4.1 Missing Custom Error Page

  • Posted in MODERATE
  • Posted by GitHub
  • 09/14/2022, 09/15/2022

rdiffweb version 2.4.1 is set to a default and leaks error information. Version 2.4.2 fixes this issue.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3175
https://huntr.dev/bounties/c40badc3-c9e7-4b69-9e2e-2b9f05865159
https://github.com/ikus06…

[github.com/containers/podman/v4] Podman’s incorrect handling of the supplementary groups may lead to data disclosure, modification

  • Posted in MODERATE
  • Posted by GitHub
  • 09/14/2022, 09/15/2022

Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are …

[github.com/containers/buildah] Buildah’s incorrect handling of the supplementary groups before v1.27.1 may lead to data disclosure, modification

  • Posted in MODERATE
  • Posted by GitHub
  • 09/14/2022, 09/15/2022

Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are…

[org.wildfly.bom:wildfly] WildFly vulnerable to Insecure Default Initialization of Resource

  • Posted in MODERATE
  • Posted by GitHub
  • 09/14/2022, 09/15/2022

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-1278
https://bugzilla.redhat.com/show_bug.cgi?id=2073401
https:/…

[org.craftercms:craftercms] CrafterCMS OS Command Injection vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 09/14/2022, 09/21/2022

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-40635
https://…

[org.craftercms:craftercms] CrafterCMS Improperly Controls Dynamically-Managed Code Resources

  • Posted in HIGH
  • Posted by GitHub
  • 09/14/2022, 09/21/2022

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-40634
https://docs.c…

[rdiffweb] rdiffweb before 2.4.2 contains Weak Password Requirements

  • Posted in HIGH
  • Posted by GitHub
  • 09/14/2022, 09/15/2022

rdiffweb prior to 2.4.2 has no password policy or password checking, which could make users vulnerable to brute force password guessing attacks. Version 2.4.2 enforces minimum and maximum password lengths.
References

https://nvd.nist.gov/vuln/detail/C…

[routinator] NLnet Labs Routinator has Reachable Assertion vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 09/14/2022, 09/21/2022

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that is not correctly base64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact o…

[lief] LIEF contains a segmentation violation

  • Posted in MODERATE
  • Posted by GitHub
  • 09/14/2022, 09/21/2022

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. A patch is available at commit ca938740264f1fcb18f91cba8e4039c518ecb75b.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-38497
https://githu…

[lief] LIEF vulnerable to heap based buffer overflow via print_binary function

  • Posted in HIGH
  • Posted by GitHub
  • 09/14/2022, 09/21/2022

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. Commit 0033b6312fd311b2e45e379c04a83d77c1e58578 contains a patch.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-38495
https…
