CVE-2022-31094 Cross site scripting vulnerability in ScratchTools
ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The iss...
CVE-2022-29526
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
libredwg Resource Management Error Vulnerability
GNU LibreDWG is a C language library from the GNU community for working with DWG files. GNU LibreDWG suffers from a double-release vulnerability, for which no detailed vulnerability details are currently available...
[SECURITY] Fedora 36 Update: python3-docs-3.10.5-1.fc36
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
Ransomware Group Debuts Searchable Victim Data
Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally...
[SECURITY] Fedora 36 Update: golang-1.18.3-1.fc36
The Go Programming Language...
The many lives of BlackCat ransomware
The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy. It’s noteworthy due to its unconventional programming language (Rust), multiple target devices and possible entry points, and affiliation with prolific...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Vulnerabilities have been fixed in Red Hat OpenShift Serverless Operator and Operator. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); circumvention of security measures. The vulnerabilities are locate...
Hakoriginfinder - Tool For Discovering The Origin Host Behind A Reverse Proxy. Useful For Bypassing Cloud WAFs!
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make an HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide vi...
Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place wh...
ROS-20220516-06
A vulnerability in the high-level Ruby programming language is related to a type conversion bug in some conversion methods, such as Kernel#Float and String#to_f. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a vulnerable application,...
Moderate: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Moderate: python27:2.7 security update
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for...
go-toolset:rhel8 security and bug fix update
An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming language tools and...
ALSA-2022:1764 Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...
squirrel SQL Injection Vulnerability
squirrel is the stable version of the programming language SQUIRREL 3.2. A security vulnerability exists in squirrel version 3.2, which stems from the lack of a specific sq_reservestack call to thread_call in sqbaselib.cpp. No detailed vulnerability details are currently available...
The vulnerability of the php_quot_print_encode function in the PHP programming language allows a perpetrator to cause a service failure.
The vulnerability of the php_quot_print_encode function in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the PHP programming language interpreter arises from insufficient validation of input data, allowing attackers to trigger service failures.
The vulnerability of the PHP programming language interpreter exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the PHP programming language interpreter, related to privilege management errors, allows attackers to bypass the protection mechanisms defined by open_basedir.
The vulnerability of the PHP programming language interpreter and the SQLite database management system is related to privilege management errors. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms defined by open_basedir...
The vulnerability of the `_php_stream_scandir` function in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the `_php_stream_scandir` function in the PHP programming language is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...