7649 matches found
Information disclosure
This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier...
PT-2022-21510 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 16; watchOS versions prior to 9. Description: The issue allows an app to potentially read a persistent device identifier. This was addressed with improved entitlements. Recommendations: For iOS versions prior to 16, update...
CVE-2022-32835
This issue was addressed with improved entitlements. This issue is fixed in iOS 16, watchOS 9. An app may be able to read a persistent device identifier...
CVE-2022-32835
CVE-2022-32835 affects Apple platforms (iOS/iOS 16 and watchOS 9) and concerns reading a persistent device identifier due to entitlement checks. The issue is addressed with improved entitlements in iOS 16 and watchOS 9. According to the records, exploitation details are not provided; the CVSS ind...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.5 security and bug fix update
OpenShift API for Data Protection (OADP) 1.0.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...
Malicious code in dapp2nix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6616eac43ff0c04ad7acf7bcfa5e995892088a6b2be461341dc7dd4f369a1a65 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Stack overflow
IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DoS) when it parses scientific notation numbers present in JSON. A patch for this issue is available at commit...
Cisco Email Security Appliance DNS Verification DoS (cisco-sa-esa-dos-MxZvGtgU)
According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component that allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected devic...
Insecure Session Management
rdiffweb is vulnerable to insecure session management. The vulnerability exists because user sessions are not properly defined with a session persistent timeout, which allows an attacker to access the active sessions of other users and perform unauthorized actions...
Malicious code in @nexthink/investigations-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 96c7504109a0c5da8a958e741bf417d560564dc1a8270fb730254ff31f5f79bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WiFi File Transfer 1.0.8 Cross Site Scripting
Document Title: WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2322; Release Date: 2022-10-17; Vulnerability Laboratory ID (VL-ID):...
Vicidial 2.14-783a Cross Site Scripting
Document Title: Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2311; Release Date: 2022-10-11; Vulnerability Laboratory ID (VL-ID): 23...
Stripe Green Downloads 2.03 Cross Site Scripting
Document Title: Stripe Green Downloads 2.03 - Cross Site Web Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2287; Release Date: 2022-10-17; Vulnerability Laboratory ID (VL-ID):...
MapTool 1.11.5 Cross Site Scripting
Document Title: MapTool v1.11.5 - Cross Site Scripting Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2319; Release Date: 2022-10-11; Vulnerability Laboratory ID (VL-ID): 23...
Stripe Green Downloads 2.03 - Cross Site Web Vulnerability
Document Title: Stripe Green Downloads 2.03 - Cross Site Web Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2287; Release Date: 2022-10-16; Vulnerability Laboratory ID (VL-ID):...
WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities
Document Title: WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2322; Release Date: 2022-10-16; Vulnerability Laboratory ID (VL-ID):...
CVE-2022-42069
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability...
MapTool v1.11.5 - Cross Site Scripting Vulnerabilities
Document Title: MapTool v1.11.5 - Cross Site Scripting Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2319; Release Date: 2022-10-10; Vulnerability Laboratory ID (VL-ID): 23...
Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities
Document Title: Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2311; Release Date: 2022-10-10; Vulnerability Laboratory ID (VL-ID): 23...