7820 matches found
PT-2022-27772 · Airtable · Airtable.Js
Name of the Vulnerable Software and Affected Versions: Airtable.js versions prior to 0.11.6 Description: The issue arises from a misconfigured build script in the Airtable.js source package, which bundles environment variables into the build target of a transpiled bundle. Specifically, the AIRTAB...
CVE-2022-46155 Airtable.js credentials exposed in browser builds
Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...
CVE-2022-4020
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable...
MGASA-2022-0444 Updated golang packages fix security vulnerability
Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. CVE-2022-41716 runtime: "lock count" fatal error when cgo is enabled go56308...
Updated golang packages fix security vulnerability
Fixed unsanitized NUL in environment variables in syscalls, os/exec go56327 bsc1204941. CVE-2022-41716 runtime: "lock count" fatal error when cgo is enabled go56308...
[SECURITY] Fedora 36 Update: drupal7-i18n-1.31-1.fc36
This is a collection of modules to extend Drupal core multilingual capabilities and be able to build real life multilingual sites. Some features: Taxonomy translation both, per language terms and translatable terms Multilingual variables Multilingual blocks control visibility per language and...
[SECURITY] Fedora 37 Update: drupal7-i18n-1.31-1.fc37
This is a collection of modules to extend Drupal core multilingual capabilities and be able to build real life multilingual sites. Some features: Taxonomy translation both, per language terms and translatable terms Multilingual variables Multilingual blocks control visibility per language and...
Fedora: Security Advisory for drupal7-i18n (FEDORA-2022-91ce497459)
The remote host is missing an update for the...
OESA-2022-2115 golang security update
The Go Programming Language. Security Fixes: Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious...
Vulnerability fixed in Exim
A vulnerability has been fixed in Exim. A malicious remote user could potentially exploit the vulnerability to cause a Denial-of-Service (DoS) attack. The way regular expressions are processed in configuration files can lead to a crash under certain circumstances. To do so, the...
CVE-2022-41925
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
Design/Logic Flaw
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
Atlassian Addresses Issues in Crowd and Bitbucket Products
Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...
CVE-2022-41925 Tailscale daemon is vulnerable to information disclosure via CSRF
A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the peer API was vulnerable to DNS rebinding. This allowed an attacker-controlled website visited by the...
Tailscale cross-site request forgery vulnerability
Tailscale is an open source WireGuard-based application from Tailscale that can provide a secure private network for a team of any size. Versions of Tailscale before v1.32.3 have a cross-site request forgery vulnerability, which stems from allowing malicious websites to access the peer-to-pe...
CVE-2022-41925
The CVE affects all Tailscale clients prior to v1.32.3. A DNS rebinding flaw in the peer API allows a malicious website to rebind the node’s DNS to attacker-controlled resolvers, enabling the attacker to issue peer API requests and read environment variables (including credentials/secrets such as...