A Remote Code Execution (RCE) vulnerability exists in laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in Queue\Capsule\Manager.php, and (3) __invoke in mockery\library\Mockery\Closu…
[kevinpapst/kimai2] Improper Neutralization of Formula Elements in a CSV File in Kimai 2
A CSV Injection vulnerability exists in Kimai 2 prior to 1.14.1 via a description in a new timesheet.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-43515
https://github.com/kevinpapst/kimai2/commit/dad1b8b772947f1596175add1b4f33b791705507#…
[com.yahoo.elide:elide-datastore-aggregation] SQL Injection in elide-datastore-aggregation
Impact
When leveraging the following together:
Elide Aggregation Data Store for Analytic Queries
Parameterized Columns (A column that requires a client provided parameter)
A parameterized column of type TEXT
There is the potential for a hacker to pro…
[github.com/ipld/go-ipfs] Daemon panics when processing certain blocks
Impact
go-ipfs nodes with versions 0.10.0, 0.11.0, 0.12.0, or 0.12.1 can crash when trying to traverse certain malformed graphs due to an issue in the go-codec-dagpb dependency. Vulnerable nodes that work with these malformed graphs may crash leading …
[github.com/ipld/go-codec-dagpb] Panic when processing certain blocks
Impact
Decoding certain blocks using the go-ipld-prime version of the dag-pb codec (go-codec-dagpb) can cause a panic. The panic comes from an assumption that the reported link length is accurate, but if the block ends before that reported length then…
[org.xwiki.platform:xwiki-platform-web] Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Impact
A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents.
Patches
The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1.
Workarounds
There is no known workaro…
[org.xwiki.platform:xwiki-platform-skin-skinx] Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
Impact
Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allows anyone with edit rights to actually creat…
[org.xwiki.platform:xwiki-platform-web-templates] Unauthenticated user can retrieve the list of users through uorgsuggest.vm
A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
References
h…
[Bond.Core.CSharp] Infinite loop in .Net Bond
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka ‘Bond Denial of Service Vulnerability’. The handling of large container lengths could cause an infinite loop when deserializing some payloads.
R…
[Simple-Wayland-HotKey-Daemon] Insecure temporary file usage in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-27818
https://github.com/waycrate/swhkd/commit/f70b99dd575fab79d8a942111a6980431f006818…