1016 matches found
Server-side request forgery (SSRF)
An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML such as an SSRF payload into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field...
uint16 type for the facet position and selector position
Lines of code. Vulnerability details. Description: In the Diamond library, a uint16 type is used for the facet position and selector position in the FacetToSelectors and SelectorToFacet structs. That creates a restriction that the number of facets is limited by 2^16. In case when the number of...
CVE-2022-39348
A host header injection flaw was found in the twisted event-based framework's web module. When the host header does not match a configured host, the web module will render unescaped characters into the 404 response. This can result in HTML and script injection. For this vulnerability to be...
Design/Logic Flaw
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials...
Spotlight: Women of Coalfire part 3
In this spotlight series, we are recognizing some of the women at Coalfire who have shattered glass ceilings and forged their own paths despite the obstacles they faced. Karen Laughton and Michi Everett are two of these women. Karen was the first female to hold an executive position in delivery a...
CVE-2022-3497
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...
Cross-site scripting
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...
Human Resource Management System Cross-Site Scripting Vulnerability
Human Resource Management System is a human resource management system by maverickosama Personal Developer. A cross-site scripting vulnerability exists in Human Resource Management System version 1.0, which is caused by incorrect manipulation of the parameters city/state/country/position...
PT-2022-22465 · Sourcecodester · Sourcecodester Human Resource Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management System version 1.0. Description: A vulnerability was found in the Master List component, where the manipulation of the city, state, country, or position argument leads to cross-site scripting. This issu...
Design/Logic Flaw
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...
CVE-2022-32799
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...
CVE-2022-32799
CVE-2022-32799 is an out-of-bounds read issue in macOS components that was fixed by Apple in Security Update 2022-005 for Catalina and in macOS Monterey 12.5. The public description notes that a user in a privileged network position could leak sensitive information, with the remediation being the...
CVE-2022-41220
md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input...
Mozilla Thunderbird Security Advisory (MFSA2022-32) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Thunderbird Security Advisory (MFSA2022-31) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:thunderbird";...
MGASA-2022-0300 Updated thunderbird packages fix security vulnerability
Mouse Position spoofing with CSS transforms (CVE-2022-36319). Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)...
CVE-2022-32857
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s...
Approved Borrower can walk away with collateral in leveraged borrowed Position
Lines of code. Vulnerability details. Impact: When an approved borrower calls leveragedPosition, their userBorrowShares and userCollateralBalance values are updated. The borrower will be able to walk away with collateral balance by adding more collateral to pass the isSolvent check and remove all the...
Not calling approve(0) before setting a new approval might cause reverts when used with Tether (USDT)
Lines of code. Vulnerability details. Impact: Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's approve function will revert if the current approval is not zero, to protect against front-running changes o...
TypeORM 0.3.7 Information Disclosure Vulnerability
I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id. Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...