MODERATE

rdiffweb version 2.4.1 is set to a default and leaks error information. Version 2.4.2 fixes this issue.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3175
https://huntr.dev/bounties/c40badc3-c9e7-4b69-9e2e-2b9f05865159
https://github.com/ikus06…

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are …

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are…

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-1278
https://bugzilla.redhat.com/show_bug.cgi?id=2073401
https:/…

LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. Commit 7acf0bc4224081d4f425fcc8b2e361b95291d878 contains a patch.
References

https://nvd.n…

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. Commit 53bf680ef494a835e2c4a5de328ca85416a03a5a contains a patch.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-38306
https://github.c…

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. A patch is available at commit ca938740264f1fcb18f91cba8e4039c518ecb75b.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-38497
https://githu…

In certain Moodle products after creating a course, it is possible to add in a arbitrary “Topic” a resource, in this case a “Database” with the type “Text” where its values “Field name” and “Field description” are vulnerable to Cross Site Scripting Sto…

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37767
https://github.com/Y4tacker/Web-Security/issues/3
https://github…

This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue(“next”)) to extract path and eventually redirect user to a relative URL, b…