Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 18.0.4. Date published : 2022-05-19 https://huntr.dev/bounties/fded4835-bd49-4533-8311-1d71e0ed7c00 https://github.com/jgraph/drawio/commit/4deecee18191f67e242422abf3ca304e19e49687
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create...
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a...
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for...
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be...
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is...
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. Date published...
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account. Date published : 2022-05-18 https://iknow.lenovo.com.cn/detail/dc_200017.html
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local...
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access. Date published : 2022-05-18 https://iknow.lenovo.com.cn/detail/dc_200017.html
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. Date published : 2022-05-18 https://iknow.lenovo.com.cn/detail/dc_200017.html
Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code. Date published : 2022-05-18 https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 SCADA Animation Graphic Editor Extension for Inkscape 1+
Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. Date published : 2022-05-18 https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 SCADA Animation Graphic Editor Extension for Inkscape 1+
Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information. Date published : 2022-05-18 https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03 SCADA Animation Graphic Editor Extension for Inkscape 1+