Day: Eylül 7, 2022

CVE-2022-36089

KubeVela is an application delivery platform Users using KubeVela’s VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11…

Devamını oku

CVE-2022-36088

GoCD is a continuous delivery server. Windows installations via either the server or agent installers for GoCD prior to 22.2.0 do not adequately restrict permissions…

Devamını oku

CVE-2022-36086

linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were missing a minimum size check for the given…

Devamını oku

CVE-2022-36083

JOSE is “JSON Web Almost Everything” – JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime’s native crypto in Node.js, Browser, Cloudflare Workers,…

Devamını oku

CVE-2022-36082

mangadex-downloader is a command-line tool to download manga from MangaDex. When using `file:<location>` command and `<location>` is a web URL location (http, https), mangadex-downloader between…

Devamını oku

CVE-2020-19914

Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers to execute arbitrary web script or HTML via the attachment upload function. Zafiyet ile ilgili…

Devamını oku

CVE-2022-36081

Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists…

Devamını oku

CVE-2022-36080

Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user’s session cookies or execute malicious Javascript when…

Devamını oku

CVE-2022-36049

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux’s helm-controller is a Kubernetes operator that allows one to…

Devamını oku