CVE-2022-39252 Matrix client-server library and encryption library.
Prior to version 0.5, the Matrix client-server protocol did not support encrypted key material. This means that when a user receives a signed room
CVE-2021-41803 HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 don't validate node or segment names before using it in JWT claim assertions with the auto config RPC.
The above findings indicate that HashiCorp Consul versions 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 are vulnerable