LibreNMS version 22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36746
https://github.com/librenms/librenms/pull/14126
https…
LibreNMS version 22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36745
https://github.com/librenms/librenms/pull/14126
https://comm…
Impact
Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role ORG_OWNER are able to create Javascript Code, which is invoked by the system at certain points during the login.
Actions, for example, a…
Impact
Users using any captcha providers
Patches
0.1.0
References
Issue
References
https://github.com/excl-networks/strapi-plugin-ezforms/security/advisories/GHSA-8mgq-6r2q-82w9
https://github.com/excl-networks/strapi-plugin-ezforms/issues/15
https:…
Introduction
Cross-site scripting (XSS) is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby’s API wi…
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package i…
Impact
If a user has Network Policies with namespace selectors selecting labels of namespaces, or (clusterwide) Cilium Network Policies matching on namespace labels, then it is possible for an attacker with Kubernetes pod deploy rights (either directly…
In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.
The copied system time zone was released before its name was copied.
If the system time zone was changed between the call of CFRelease and str::to_owned(),…
Affected versions of this crate passes an uninitialized buffer to a user-provided Read
implementation.
Arbitrary Read implementations can read from the uninitialized buffer (memory exposure)
and also can return incorrect number of bytes written to the…
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability…
