Source
ghsa
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
webmention.js prior to 0.5.5 is vulnerable to cross-site scripting.
Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.
### Impact

Authorized clients, having an `inject_processor` secret, could brute-force the secret token value by abusing the `fmt` parameter to the `Proxy-Tokenizer` header.

### Patches

This was fixed in https://github.com/superfly/tokenizer/pull/8 and further mitigated in https://github.com/superfly/tokenizer/pull/9.
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `smile_code` parameter of the component `/editprofile.php`.
### Impact

When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change, so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain.

### Patches

v1.4.17 and later versions contain the fix for this issue.

### Workarounds

There were no workarounds for this issue. The affected account could only wait for the DoS attack to finish (the attack was not free for the attacker), or attempt to send transactions very rapidly so as to compete with the attacker for the same nonce.

### References

For future understanding of this issue, v1.4.17 and later versions include an integration test that reproduces the issue and verifies the fix: https://github.com/multiversx/mx-chain-go/blob/babdb144f1316ab6176bf3dbd7d4621120414d43/integrationTests/vm/txsFee/r...
Under rare conditions, a restart of Umbraco can allow unauthorized users to gain admin-level permissions.

### Impact

An unauthorized user gaining admin-level access and permissions to the backoffice.

### Patches

10.6.1, 11.4.2, 12.0.1

### Workarounds

* Enabling the [Unattended Install](https://docs.umbraco.com/umbraco-cms/reference/configuration/unattendedsettings) feature will mean the vulnerability is not exploitable.
* Enabling IP restrictions to `*/install/*` and `*/umbraco/*` will limit the exposure to allowed IP addresses.
In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed, allowing attackers to escape the sandbox and run arbitrary code.

### Impact

Remote Code Execution, assuming the attacker has an arbitrary code execution primitive inside the context of the vm2 sandbox.

### Patches

None.

### Workarounds

None.

### References

PoC is to be disclosed on or after the 8th of August.

### For more information

If you have any questions or comments about this advisory:

- Open an issue in [VM2](https://github.com/patriksimek/vm2)