Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. The account must have admin privileges.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-42096
https://github.com/backdrop/ba…
A vulnerability was found in Dalli. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation leads to injection. The exploit has been disclosed to the publi…
Description
Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime (formerly Docker EE), and Docker Desktop. Moby allows for buildi…
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3867
https://discuss.hashicor…
Impact
Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the fs scope definition. It was not possible to traverse into arbitrary paths, as the issu…
Impact
A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
Fluentd setups are only affected if the environment variable FL…
actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit. There are no known workarounds for this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-…
Impact
What kind of vulnerability is it? Who is impacted?
In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guar…
Impact
What kind of vulnerability is it? Who is impacted?
The default cookie name (and documentation recommendation) was prefixed with Host__ instead of __Host-. The point of this prefix is for additional security, to ensure that, when no domain option…
Vulnerability type
Data Validation
Detail
When an etcd instance attempts to perform service discovery, if a cluster size is provided as a negative value, the etcd instance will panic without recovery.
References
Find out more on this vulnerability in t…
