トピトピニュース

Category

CRITICAL

187 Posts

Featured

  • [github.com/crewjam/saml] crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication (Posted by GitHub)
  • [org.jeecgframework.boot:jeecg-boot-common] Jeecg-boot vulnerable to SQL Injection (Posted by GitHub)
  • [electron] Heap buffer overflow in GPU (Posted by GitHub)
  • [wger] wger vulnerable to brute force attempts (Posted by GitHub)

[github.com/dexidp/dex] Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code

  • Posted in CRITICAL
  • Posted by GitHub
  • 10/04/2022, 10/07/2022

Impact
Dex instances with public clients (and by extension, clients accepting tokens issued by those Dex instances) are affected by this vulnerability.
An attacker can exploit this vulnerability by making a victim navigate to a malicious website and gu…

[isolated-vm] isolated-vm has vulnerable CachedDataOptions in API

  • Posted in CRITICAL
  • Posted by GitHub
  • 10/01/2022, 10/07/2022

Impact
If untrusted V8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the Node.js process. There are currently no known fixed versions or workarounds.
References

https://gi…

[CompositeC1.Core] Orckestra C1 CMS’s deserialization of untrusted data allows for arbitrary code execution.

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/30/2022, 09/30/2022

Impact
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS.
Authentication is required to exploit this vulnerability.
The authenticated user may perform the actions unknowingly by visiting…

[com.amazon.redshift:redshift-jdbc42] AWS Redshift JDBC Driver fails to validate class type during object instantiation

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/30/2022, 10/05/2022

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.
Refer…

[github.com/labstack/echo/v4] Labstack Echo Open Redirect vulnerability

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/29/2022, 09/30/2022

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue…

[com.xuxueli:xxl-job-core] XXL-JOB contains a Command execution vulnerability in background tasks

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/29/2022, 09/30/2022

XXL-JOB versions 2.2.0 and prior contain a Command execution vulnerability in background tasks.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-40929
https://github.com/xuxueli/xxl-job/issues/2979
https://github.com/advisories/GHSA-m54f-rp6r-rrrm

[vm2] vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/28/2022, 09/28/2022

Impact
A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
Patches
This vulnerability was patched in the release of version 3.9.11 of vm2.
Workarounds
None.
References
Github Issue – h…

[joblib] joblib vulnerable to arbitrary code execution

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/27/2022, 09/30/2022

The joblib package, from version 0 and before 1.2.0, is vulnerable to arbitrary code execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-21797
https://github.com/joblib/joblib…

[rdiffweb] rdiffweb vulnerable to account access via session fixation

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/25/2022, 09/30/2022

rdiffweb prior to 2.4.7 fails to invalidate session cookies on logout, leading to session fixation and allowing an attacker to access a user's account. After logging in and logging out, the application continues to use the pre-authentication cookies. The…

[org.apache.pinot:pinot] Apache Pinot has Groovy Function support enabled by default

  • Posted in CRITICAL
  • Posted by GitHub
  • 09/25/2022, 09/29/2022

Pinot allows you to run any function using Apache Groovy scripts. In versions prior to 0.10.0, the Pinot query endpoint and realtime ingestion layer have a vulnerability in unprotected environments because Groovy function support is enabled by default. Th…
