90 matches found
PT-2024-14549 · Unknown · Activitymanagerservice
Name of the Vulnerable Software and Affected Versions: ActivityTaskManagerService module (affected versions not specified). Description: The issue concerns a vulnerability of permission verification in some APIs within the ActivityTaskManagerService module. Successful exploitation of this...
PaperCut NG Security Vulnerability
PaperCut NG is a suite of next-generation printer control software from PaperCut Australia. A security vulnerability in PaperCut NG/MF allows an attacker to expose files on the server to affected API endpoints via a payload...
OESA-2024-1151 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can resu...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
Improper Handling of Insufficient Privileges (Leaky Vessels)
Overview: Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges (Leaky Vessels) via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...
CVE-2023-39404
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart...
CVE-2023-22036
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM...
CVE-2022-36249
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...
What to Look for When Selecting a Static Application Security Testing (SAST) Solution
If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing (SAST) solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...
Are Your APIs Leaking Sensitive Data?
It's no secret that data leaks have become a major concern for both citizens and institutions across the globe. They can cause serious damage to an organization's reputation, induce considerable financial losses, and even have serious legal repercussions. From the infamous Cambridge Analytica...
The vulnerability of FortiOS operating systems, related to access control deficiencies, allows attackers to modify interface settings.
The vulnerability of FortiOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify interface settings remotely through APIs...
Jenkins Plugin Pipeline: Supporting APIs cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. Jenkins Plugin Pipeline:...
CVE-2022-31757
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality...
Vulnerability of the API components of Google Chrome and Microsoft Edge, allowing attackers to execute arbitrary code
The vulnerability of Google Chrome and Microsoft Edge browser APIs is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
UBUNTU-CVE-2022-21248
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...
PT-2022-10681 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.1 and earlier Description: The issue arises from insufficient permission validation when viewing archived channels. This allows authenticated users to bypass system administrator restrictions and view the contents of...
[SECURITY] Fedora 34 Update: linuxptp-3.1.1-1.fc34
This software is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kerne...
The vulnerability of the APIs of the Oracle Installed Base information storage center component of the Oracle E-Business Suite, which exists due to insufficient verification of input data, allows a perpetrator to modify the data.
The vulnerability of the APIs of the Oracle Installed Base information storage center component in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to modify, add, or...