Source: ghsa

GHSA-p76j-h4m8-hx5c: Pimcore Demo Allows GraphQL Introspection

Introspection is enabled on `demo.pimcore.fun`. The demo site offers GraphQL as a feature for users, but it also allows users to run introspection queries, which presents a potential schema information disclosure vulnerability.

GHSA-q832-2275-rfqh: Subrion CMS XSS in /panel/configuration/financial/

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into one or more of the fields 'Minimum deposit', 'Maximum deposit' and 'Maximum balance'.

GHSA-4w2j-wj9q-6wpx: Subrion CMS Cross-site Scripting vulnerability in /panel/languages

A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter.

GHSA-65h2-wf7m-q2v8: Undertow vulnerable to denial of service

A flaw was found in Undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS). If the server uses fileSizeThreshold to limit the file size, it is possible to bypass the limit by setting the file name in the request to null.

GHSA-v4j2-cwmm-xg89: OpenCart Path Traversal vulnerability

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server.

GHSA-4xp2-w642-7mcx: Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy

### Impact

An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted `endpointSelector` that uses the `DoesNotExist` operator on the `reserved:init` label, the attacker can create policies that bypass namespace restrictions and affect the entire Cilium cluster. This includes potentially allowing or denying all traffic. This attack requires API server access, as described in the [Kubernetes API Server Attacker](https://docs.cilium.io/en/stable/security/threat-model/#kubernetes-api-server-attacker) section of the Cilium Threat Model.

### Patches

This issue was patched in https://github.com/cilium/cilium/pull/28007

This issue affects:

- Cilium <= v1.14.1
- Cilium <= v1.13.6
- Cilium <= v1.12.13

This issue has been resolved in:

- Cilium v1.14.2
- Cilium v1.13.7
- Cilium v1.12.14

### Workarounds

An adm...

GHSA-24m5-r6hv-ccgp: Specific Cilium configurations vulnerable to DoS via Kubernetes annotations

### Impact

In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with

- `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13)
- `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12)

causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not be able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service is limited to the node on which the workload is scheduled; however, an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks.

### Patches

[Pull request with fix](https://github.com/cilium/cilium/pull/27597)

This issue affects:

- Cilium <= v1.14.1
- Cilium <= v1.13.6
- Cilium <= v1.12.13

This issue has been resolved in:

- Cilium v1.14.2
- Cilium v1.13.7
- C...

GHSA-r5hm-mp3j-285g: sing-box vulnerable to improper authentication in the SOCKS inbound

### Impact

This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication.

### Patches

Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions.

### Workarounds

Don't expose the SOCKS5 inbound to insecure environments.

GHSA-cx2q-hfxr-rj97: Vyper's `_abi_decode` input not validated in complex expressions

### Impact

`_abi_decode()` does not validate input when it is nested in an expression. The following example gets correctly validated (bounds checked):

```vyper
x: int128 = _abi_decode(slice(msg.data, 4, 32), int128)
```

However, the following example is not bounds checked:

```vyper
@external
def abi_decode(x: uint256) -> uint256:
    # the decoded uint8 is consumed by convert() before any bounds check runs
    a: uint256 = convert(_abi_decode(slice(msg.data, 4, 32), (uint8)), uint256) + 1
    return a
# abi_decode(256) returns: 257
```

The issue can be triggered by constructing an example where the output of `_abi_decode` is not internally passed to `make_setter` (an internal codegen routine) or another input-validating routine.

### Patches

https://github.com/vyperlang/vyper/pull/3626

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

### References

_Are there any links users can visit to find out more?_

GHSA-7565-cq32-vx2x: matrix-synapse vulnerable to improper validation of receipts allows forged read receipts

### Impact

Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply to mark them as read. This could be confusing, as clients will show the event as read by the user even if they are not in the room.

### Patches

https://github.com/matrix-org/synapse/pull/16327

### Workarounds

There is no workaround.