Impact
Even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider by providing its details through request parameters. One can then bypass the XWiki authentication altogether by speci…
[@keystone-6/core] @keystone-6/core’s NODE_ENV defaults to development with esbuild
Impact
@keystone-6/core@3.0.0 || 3.0.1 users that use NODE_ENV in their own code (not dependencies) to trigger security-sensitive functionality in a production build are vulnerable to NODE_ENV being inlined to “development” for user code.
If your depen…
[centreon/centreon] Centreon vulnerable to SQL Injection
A SQL injection vulnerability in Centreon affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to SQL injection. The attack can be initiated remotely. Version 22.10.0-b…
[ckb] ckb: Transaction header_deps validation issue (network forking)
Impact
fn HeaderChecker#check_valid skipped main chain checking after this PR: https://github.com/nervosnetwork/ckb/pull/1646/files#diff-c4e017b67c1b3005ca0c446a9b0879571aa36a858b1f7ddd1b9328a884e3214bR171-R176
It will cause network forking if one tran…
[openssl-src] X.509 Email Address 4-byte Buffer Overflow
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for…
[@xmldom/xmldom] xmldom allows multiple root nodes in a DOM
Impact
xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing.
This breaks the assumption that there is on…
[acryl-datahub] acryl-datahub missing JWT signature check
Missing JWT signature check (GHSL-2022-078)
The StatelessTokenService of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authenticat…
[noumo/easyii] easyii CMS’s File Upload Management vulnerable to unrestricted upload
This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-377…
[thorsten/phpmyfaq] phpMyFAQ contains Weak Password Requirements
phpMyFAQ prior to version 3.1.8 has Weak Password Requirements. Version 3.1.8 introduces an eight-character minimum password length.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3754
https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828…
[pimcore/pimcore] RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Impact
The rendering of user-controlled Twig templates in Pimcore/Mail & ClassDefinition\Layout\Text is vulnerable to server-side template injection leading to RCE.
Patches
Update to version 10.5.9 or apply this patch manually https://github.com/pimcore/pimcore/…