Impact
An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others.
This attack is possible …
[com.zaxxer:nuprocess] NuProcess vulnerable to command-line injection through insertion of NUL character(s)
Impact
In all the versions of NuProcess where it forks processes by using the JVM’s Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java’s ProcessBuilder isn’t…
[matrix-js-sdk] matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
Impact
An attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield.
Additionally, a sophisticated attacker cooperating with a malicio…
[matrix-js-sdk] matrix-js-sdk subject to impersonated messages due to permissive key forwarding
Impact
An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others.
This attack is possible …
[d3-color] d3-color vulnerable to ReDoS
The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.
Refere…
[https://pkg.go.dev/github.com/cloudwego/hertz] Hertz contains path traversal via normalizePath function
Hertz is a high-performance and strong-extensibility Go HTTP framework that helps developers build microservices. Versions of Hertz prior to 0.3.1 contain a path traversal vulnerability via the normalizePath function. This issue has been patched in 0…
[strapi] Strapi mishandles hidden attributes within admin API responses
Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-31367
https://github.com/kos0ng/CVEs/tree/main/CVE-2022-31367
https://github.com/strapi/strapi/rel…
[github.com/brokercap/Bifrost] Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
Bifrost is a middleware package which can synchronize MySQL/MariaDB binlog data to other types of databases. Versions 1.8.6-release and prior are vulnerable to authentication bypass when using HTTP basic authentication. This may allow group members who…
[rdiffweb] rdiffweb allows unlimited length of root directory name, which could result in DoS
rdiffweb prior to 2.4.8 has no limit on the length of root directory names. Allowing users to enter long strings may result in a DoS attack or memory corruption. Version 2.4.8 defines a field limit for username, email, and root directory.
References
https…
[centreon/centreon] Centreon SQL Injection vulnerability via esc_name parameter
Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Versions 21.04.16, 21.10.8, and 22.04.2 contain patches.
References
https://nvd.nist.go…