Zope up to 4.6.0/5.20 TAL Expression pathname traversal

A vulnerability classified as critical was found in Zope up to 4.6.0/5.20 (Application Server Software). Affected by this vulnerability is an unknown functionality of the component TAL Expression Handler. Upgrading to version 4.6.1 or 5.21 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-28750 : ZOOM ON-PREMISE MEETING CONNECTOR ZONE CONTROLLER PRIOR 4.8.20220419.112 STUN ERROR CODE STACK-BASED OVERFLOW

CVE-2022-28750 : ZOOM ON-PREMISE MEETING CONNECTOR ZONE CONTROLLER PRIOR 4.8.20220419.112 STUN ERROR CODE STACK-BASED OVERFLOW

Description Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can

CVE-2022-2756 : KAREADITA KAVITA UP TO 0.5.4.0 SERVER-SIDE REQUEST FORGERY

CVE-2022-2756 : KAREADITA KAVITA UP TO 0.5.4.0 SERVER-SIDE REQUEST FORGERY

Description Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. References https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216 https://github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4 For More Information MITRE

CVE-2022-36801 : ATLASSIAN JIRA SERVER/JIRA DATA CENTER UP TO 8.20.7 TEAMMANAGEMENT.JSPA CROSS SITE SCRIPTING

CVE-2022-36801 : ATLASSIAN JIRA SERVER/JIRA DATA CENTER UP TO 8.20.7 TEAMMANAGEMENT.JSPA CROSS SITE SCRIPTING

Description Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript