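〈Quitting over maternity harassment〉 A long-awaited pregnancy, and a bad feeling when reporting it to my boss (Vol. 1)
"When I told my company I was pregnant, I was forced to work in a different department from before." "After I took maternity or childcare leave…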
Actually a perfect fit for a home PC! – Dell "New Inspiron 14 2-in-1" review
Dell Technologies' "New Inspiron 14 2-in-1" has a 14-inch display and…
[pimcore/pimcore] SQL Injection in Pimcore
Pimcore prior to version 10.3.5 is vulnerable to SQL injection in RecyclebinController.php. This vulnerability affects data confidentiality.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1219
https://github.com/pimcore/pimcore/commit/a697830359df0…
[kevinpapst/kimai2] Improper Neutralization of Formula Elements in a CSV File in Kimai 2
A CSV injection vulnerability exists in Kimai 2 prior to 1.14.1 via a description in a new timesheet.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-43515
https://github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#…
[laravel/laravel] Remote Code Execution in Laravel
A Remote Code Execution (RCE) vulnerability exists in Laravel 5.8.38 via an unserialize POP chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\Closu…
[com.yahoo.elide:elide-datastore-aggregation] SQL Injection in elide-datastore-aggregation
Impact
When leveraging the following together:
Elide Aggregation Data Store for Analytic Queries
Parameterized Columns (A column that requires a client provided parameter)
A parameterized column of type TEXT
There is the potential for a hacker to pro…
[github.com/ipld/go-ipfs] Daemon panics when processing certain blocks
Impact
go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes that work with these malformed graphs may crash leading …
[github.com/ipld/go-codec-dagpb] Panic when processing certain blocks
Impact
Decoding certain blocks using the go-ipld-prime version of the dag-pb codec (go-codec-dagpb) can cause a panic. The panic comes from an assumption that the reported link length is accurate, but if the block ends before that reported length then…
[org.xwiki.platform:xwiki-platform-web] Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Impact
A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents.
Patches
The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1.
Workarounds
There is no known workaro…