ghsa

### Impact In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. ### Patches This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. ### Workarounds User's still using Argo CD 2.3 or below are advised to update to a [supported ver...

Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosure vulnerability.

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'.

A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter.

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server

### Impact An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted `endpointSelector` that uses the `DoesNotExist` operator on the `reserved:init` label, the attacker can create policies that bypass namespace restrictions and affect the entire Cilium cluster. This includes potentially allowing or denying all traffic. This attack requires API server access, as described in the [Kubernetes API Server Attacker](https://docs.cilium.io/en/stable/security/threat-model/#kubernetes-api-server-attacker) section of the Cilium Threat Model. ### Patches This issue was patched in https://github.com/cilium/cilium/pull/28007 This issue affects: - Cilium <= v1.14.1 - Cilium <= v1.13.6 - Cilium <= v1.12.13 This issue has been resolved in: - Cilium v1.14.2 - Cilium v1.13.7 - Cilium v1.12.14 ### Workarounds An adm...

### Impact In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with - `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) - `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. ### Patches [Pull request with fix](https://github.com/cilium/cilium/pull/27597) This issue affects: Cilium <= v1.14.1 Cilium <= v1.13.6 Cilium <= v1.12.13 This issue has been resolved in: Cilium v1.14.2 Cilium v1.13.7 C...

### Impact This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication. ### Patches Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions. ### Workarounds Don't expose the SOCKS5 inbound to insecure environments.

### Impact `_abi_decode()` does not validate input when it is nested in an expression. the following example gets correctly validated (bounds checked): ```vyper x: int128 = _abi_decode(slice(msg.data, 4, 32), int128) ``` however, the following example is not bounds checked ```vyper @external def abi_decode(x: uint256) -> uint256: a: uint256 = convert(_abi_decode(slice(msg.data, 4, 32), (uint8)), uint256) + 1 return a # abi_decode(256) returns: 257 ``` the issue can be triggered by constructing an example where the output of `_abi_decode` is not internally passed to `make_setter` (an internal codegen routine) or other input validating routine. ### Patches https://github.com/vyperlang/vyper/pull/3626 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_