A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38639
h…
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38638
https://github.com/casdoor/casdoor/issues/1035
https://g…
Impact
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs – API call
GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions/{execution_id}/tasks/{task_id}/…
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not ta…
The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-25914
https://github.c…
rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, an…
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage. Version 2.2.9 fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35513
https://github.com/p1ckzi/CVE-2022-35513
https://gith…
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe ‘xml.etree’ library to parse untrusted XML input.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3718…
RosarioSIS Student Information System prior to version 10.1 is vulnerable to Improper Handling of Length Parameter Inconsistency.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2714
https://github.com/francoisjacquet/rosariosis/commit/4022954c3f…
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the n…
