### Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with i ...
Continue Reading
May 23, 2022
### Impact Users of versions 9.8.5, 9.8.6, 9.9.0 and previously published prereleases of 10.0.0 who have used either one of the two `RequireDisCatSharpDeveloperAttribute`s or the `BaseDiscordClient.Li ...
Continue Reading
May 23, 2022
### Impact The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen ...
Continue Reading
May 23, 2022
### Impact On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, ...
Continue Reading
May 23, 2022
Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request. From this, the attacke ...
Continue Reading
May 23, 2022
# Description Hello , its my first report in huntr.dev fast code review : file https://github.com/yogeshojha/rengine/blob/master/web/api/views.py#L820 ``` class CMSDetector(APIView): def get(self, re ...
Continue Reading
May 23, 2022
# Description While searching online, I found that https://stackoverflow.com/questions/53764109/is-there-a-java-api-that-will-identify-the-ipv6-address-fd00-as-local-private also states fc00 / fd00 ar ...
Continue Reading
May 23, 2022
# Description The `WellKnownServlet` is vulnerable to path traversal. This allows reading local files. For example the files in `WEB-INF` that contain secrets and API keys can be read. https://github. ...
Continue Reading
May 23, 2022
Back to Main
