[SECURITY] Fedora 36 Update: golang-x-lint-0-17.20210123git83fdc39.fc36
Golint is a linter for Go source code...
Jenkins Compuware Source Code Download is missing authorization
BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...
GHSA-75FC-FV3P-XH82 Jenkins Compuware Source Code Download is missing authorization
BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...
Upgraded Q -> M from 9 [1659036743700]
Judge has assessed an item in Issue 9 as Medium risk. The relevant finding follows: Centralized risk The operator address can mint arbitrary amount of tokens. In addition, operator can also burn tokens from third-party accounts. If the private key of the owner or minter address is compromised, th...
CVE-2022-36896
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files
Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting XSS vulnerability in the...
Driver Disk for Cisco enic 4.2.0.26 - For Citrix Hypervisor 8.2 LTSR
Who Should Install this Driver Disk? Customers running the Citrix Hypervisor 8.2 LTSR release who use Cisco's enic driver and wish to use the latest version of the following: Driver Module| Version ---|--- enic| 4.2.0.26 Issues Resolved In this Driver Disk Includes general enhancements and bug...
GO-2022-0515 Stack exhaustion due to deeply nested types in go/parser
Calling any of the Parse functions on Go source code which contains deeply nested types or declarations can cause a panic due to stack exhaustion...
CVE-2022-34032
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njsvalueownenumerate at src/njsvalue.c...
[SECURITY] Fedora 35 Update: source-to-image-1.3.1-4.fc35
Source-to-Image S2I is a toolkit and workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and letting the container prepare that source code for execution. By creating self-assembling builder images,...
Heap-based Buffer Overflow in function ins_compl_infercase_gettext()
Description Heap-based Buffer Overflow in function ins_compl_infercase_gettext at src/insexpand.c:645 vim version commit 3a393790a4fd7a5edcafbb55cd79438b6e641714 Author: Dominique Pelle Date: Thu Jul 14 17:40:49 2022 +0100 patch 9.0.0053: E1281 not tested with the old regexp engine Problem: E1281 no...
CVE-2022-22460
IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...
IBM Security Verify Identity Manager security vulnerability
IBM Security Verify Identity Manager is a security verification identity manager from IBM USA. A security vulnerability exists in IBM Security Verify Identity Manager version 10.0 that originates from the inclusion of sensitive information in the source code repository...
WordPress Project Source Code Download plugin <= 1.0.0 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Daniel Ruf in WordPress Project Source Code Download plugin versions <= 1.0.0. Solution Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. Reason: Security Issue...
How the FBI quietly added itself to criminals’ instant message conversations
Motherboard has disclosed some information about Operation Trojan Shield, in which the FBI intercepted messages from thousands of encrypted phones around the world. These messages are now used in courts across the world as corroborating evidence. Operation Trojan Shield The US Federal Bureau of...
Cspparse - A Tool To Evaluate Content Security Policies
cspparse is a tool to evaluate Content Security Policies. It uses Google's API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google's API, it also parses the target site's HTML to look for any CSP rules that are specified in the tag...