GitHub

During an X25519 key exchange, the client’s private is generated with System.Random:
var rnd = new Random();
_privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes];
rnd.NextBytes(_privateKey);

Source: KeyExchangeECCurve25519.csSource commi…

The package protobufjs before 6.11.3 and 6.10.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype.
This vulnerability can occur in multiple ways:

by providing untrusted user input to uti…

There is a possible denial of service vulnerability in the multipart parsing
component of Rack. This vulnerability has been assigned the CVE identifier
CVE-2022-30122.
Versions Affected: >= 1.2
Not affected: < 1.2
Fixed Versions: 2.0….

There is a possible shell escape sequence injection vulnerability in the Lint
and CommonLogger components of Rack. This vulnerability has been assigned the
CVE identifier CVE-2022-30123.
Versions Affected: All.
Not affected: None
Fixed Versions…

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.
References

https://nvd.nist.gov/vuln/…

Impact
Unprivileged software in VMware VMs, including software running in unprivileged containers, can retrieve an Ignition config stored in a hypervisor guestinfo variable or OVF environment. If the Ignition config contains secrets, this can result i…

GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-42248
https://github.com/tidwall/gjson/issues/237
https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f…

SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-42655
https://github.com/siteserver/cms/issues/3237
https://github.com/advisories/GHSA-5xr5-v2h7-2w7w

SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-42656
https://github.com/siteserver/cms/issues/3238
https://github.com/advisories/GHSA-2xwp-7j3p-c78x

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integr…