Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)
Summary: A publicly disclosed vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391). Vulnerability Details: CVEID: CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, caused by an improper input validation by the...
PT-2022-24979 · Unknown · Tsruban Hhims
Name of the Vulnerable Software and Affected Versions: tsruban HHIMS version 2.1. Description: A critical issue has been found in the Patient Portrait Handler component. The manipulation of the PID argument leads to SQL injection. This issue can be exploited remotely. Recommendations: For tsruban...
CVE-2022-2527
An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions starting from 14.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2, which allowed an authenticated attacker to inject arbitrary content. A victim...
CVE-2022-2527
CVE-2022-2527 affects GitLab CE/EE (all versions 14.9–15.0.x and 15.1–15.3 with specific pre-patch ranges) through the Incident Timelines feature. An authenticated attacker could inject arbitrary content, enabling the victim to trigger arbitrary requests. Public records show CVSS base scores of 8...
CVE-2022-42961
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...
CVE-2022-20851
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
Input validation
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
CVE-2022-20851 Cisco IOS XE Software Web UI Command Injection Vulnerability
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
Design/Logic Flaw
NIOHTTP1 and projects using it for generating HTTP responses can be subject to an HTTP Response Injection attack. This occurs when an HTTP/1.1 server accepts user generated input from an incoming request and reflects it into an HTTP/1.1 response header in some form. A malicious user can add newlines...
CVE-2022-40026
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php...
CVE-2022-2754
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks...
Vulnerabilities fixed in Synology DiskStation Manager
Vulnerabilities have been fixed in GLPI for Synology DiskStation Manager. An unauthenticated malicious person could exploit them to perform SQL injections and gain access to sensitive data. Synology has made updates available to address the vulnerabilities. For more information, see:...
python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator URL strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...
Debian dla-3090 : php-horde-turba - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3090 advisory. Debian LTS Advisory DLA-3090-1 [email protected] https://www.debian.org/lts/security/...
Library Management System SQL Injection Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in the v1.0 version of Library Management System due to an SQL injection issue in the name parameter of the...
Black Hat and DEF CON Roundup
There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas fla...
SQL Injection
Overview: updatebycase is a package that allows you to update multiple ActiveRecord records based on case values on a single database hit. Affected versions of this package are vulnerable to SQL Injection in the UpdateByCase and Utils classes, which accept and process SQL strings without...
Security Bulletin: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to urllib package in Python3 (CVE-2022-0391)
Summary: IBM Netezza for Cloud Pak for Data is vulnerable to injection attack due to improper input validation by the urllib.parse module from Python3. Vulnerability is addressed by upgrading Python to version 3.9.7. Vulnerability Details: CVEID: CVE-2022-0391 DESCRIPTION: Python could provide weak...