Vulnerability Summary for the Week of August 15, 2022
activerecord — update_by_case This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement…
accusoft — imagegear An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An…
@acrontum — filesystem-template The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. 2022-08-05 not…
@ianwalter/merge — @ianwalter/merge All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. 2022-07-25 not yet calculated CVE-2021-23397 CONFIRM adobe —…
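The prototype pollution class in the entry above, shown as an added example that is not code from the @ianwalter/merge package or from this summary: a naive recursive merge of the kind that writes through `__proto__`, beside a hardened version that refuses prototype-chain keys. The attacker payload is constructed here to stand in for a JSON request body that an application merges into its configuration; the function names `naiveMerge`, `safeMerge` and `demonstrate` are assumptions for illustration.

```javascript
// Added example, not the @ianwalter/merge package's own code.
// naiveMerge: a deep merge that treats every key of `source` alike, including
// "__proto__". JSON.parse produces an own property named "__proto__", so the
// key is enumerated, and assigning target["__proto__"] on a plain object reaches
// Object.prototype, polluting every object in the process.
function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) {
        target[key] = {};
      }
      naiveMerge(target[key], value);   // target["__proto__"] is Object.prototype here
    } else {
      target[key] = value;
    }
  }
  return target;
}

// safeMerge: same semantics for ordinary keys, but keys that can redirect the
// write into the prototype chain are skipped, and recursion only continues into
// an own, plain-object property of `target` (never an inherited one).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// demonstrate: merges a constructed attacker payload (standing in for a JSON
// request body) into an empty config with the given merge function, then checks
// whether an unrelated, freshly created object now carries the injected property.
function demonstrate(mergeFn) {
  const payload = JSON.parse('{"name":"ok","__proto__":{"polluted":"yes"}}');
  const config = mergeFn({}, payload);
  const unrelated = {};
  const result = { name: config.name, sawPollution: unrelated.polluted === 'yes' };
  delete Object.prototype.polluted;   // undo any pollution so later checks start clean
  return result;
}

console.log('naiveMerge:', demonstrate(naiveMerge)); // { name: 'ok', sawPollution: true }
console.log('safeMerge: ', demonstrate(safeMerge));  // { name: 'ok', sawPollution: false }
```

The check that matters in practice is the `unrelated` object: prototype pollution is not visible on the merged result itself, it shows up as unexpected properties on every object created afterwards, which is how it turns into authorization bypasses or code execution elsewhere in an application. Denylisting the three keys is the minimal fix; writing into an object created with `Object.create(null)` or freezing `Object.prototype` are additional layers.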
adobe — acrobat_reader Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type (‘Type Confusion’) vulnerability…
adobe — acrobat_reader Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary…
adminlte — adminlte AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting…
admidio — admidio Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). 2022-06-28 not yet calculated CVE-2022-23896 MISC aerogear — aerogear The simplepush server iterates through the application installations and…
Rails::Html::Sanitizer — Rails::Html::Sanitizer # Possible XSS Vulnerability in Rails::Html::Sanitizer There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL Not affected:…
adobe — indesign Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the…