GitHub

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. Version 1.11.2 contains a patch for the problem.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-34113
https://githu…

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. Version 1.11.2 contains a patch for this issue.
References

https://n…

An issue was discovered in the file-type package from 13.0.0 until 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive…

Impact
This vulnerability would allow any user, regardless of permissions, to upload content into a repository. This affects installations of Islandora core 2.0 or greater.
Patches
Upgrade immediately to the latest release of Islandora.
Workarounds
In …

Impact
Vulnerable library protobuf-java 3.11.4 (CVE-2021-22569)
Patches
Dependency updated in jadx 1.4.3
References
According to the AquaSecurity report:

Also, Maven repository have links to this and other vulnerabilities from dependencies:
https://mv…

Impact
There was a bug in Wasmtime’s code generator, Cranelift, for AArch64 targets where constant divisors could result in incorrect division results at runtime. The translation rules for constants did not take into account whether sign- or zero-exten…

Impact
ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8’s abi.decode allows some cases to revert, given a target contract that doe…