7820 matches found

NVD
added 2022/10/28 5:15 p.m. · 9 views

CVE-2022-43165

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...

CVSS 5.4 · EPSS 0.00874
Exploits 1 · References 1
OSV
added 2022/10/28 5:15 p.m. · 2 views

CVE-2022-43165

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...

CVSS 5.4 · AI score 5.9 · EPSS 0.00874
Exploits 1 · References 1
Prion
added 2022/10/28 5:15 p.m. · 10 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...

CVSS 4.9 · AI score 5.1 · EPSS 0.00874
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2022/10/28 12:0 a.m. · 2 views

Rukovoditel Cross-Site Scripting Vulnerability

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A cross-site scripting vulnerability exists in Rukovoditel version 3.2.1, which stems from the Value parameter...

CVSS 5.4 · AI score 4.9 · EPSS 0.00874
Exploits 1 · References 2
Cvelist
added 2022/10/28 12:0 a.m. · 17 views

CVE-2022-43165

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...

AI score 5.3 · EPSS 0.00874
Exploits 1 · References 1
Positive Technologies
added 2022/10/28 12:0 a.m. · 2 views

PT-2022-26782 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting (XSS) issue in the Global Variables feature, specifically at the "/index.php?module=global vars/vars" endpoint, allows authenticated attackers to execute arbitrary web scripts...

CVSS 5.4 · AI score 5.4 · EPSS 0.00874
Exploits 1 · References 3
CVE
added 2022/10/28 12:0 a.m. · 76 views

CVE-2022-43165

CVE-2022-43165 affects Rukovoditel

CVSS 5.4 · AI score 5.1 · EPSS 0.00874
Exploits 1 · References 1 · Affected Software 1
OSV
added 2022/10/25 7:54 p.m. · 24 views

GHSA-2C6M-6GQH-6QG3 Docker Command Escaping in the GitHub Actions Runner

Impact The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...

CVSS 8.8 · AI score 9.5 · EPSS 0.01474
Exploits 0 · References 5
CNVD
added 2022/10/25 12:0 a.m. · 11 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-72090)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that stems from the use of uninitialized variables. No details of the vulnerability are currently available...

AI score 2.4
Exploits 0 · References 1
CNNVD
added 2022/10/25 12:0 a.m. · 4 views

GitHub Actions Runner OS Command Injection Vulnerability

GitHub Actions Runner is an application that runs jobs from a GitHub Actions workflow. A security vulnerability exists in GitHub Actions Runner that stems from the presence of a logic error that allows input to escape an environment variable and directly modify that docker command call, Jobs that...

CVSS 9.9 · AI score 8.1 · EPSS 0.01474
Exploits 0 · References 4
Positive Technologies
added 2022/10/25 12:0 a.m. · 5 views

PT-2022-24898 · Github · Github Actions Runner

Name of the Vulnerable Software and Affected Versions: GitHub Actions Runner versions prior to 2.296.2 GitHub Actions Runner versions prior to 2.293.1 GitHub Actions Runner versions prior to 2.289.4 GitHub Actions Runner versions prior to 2.285.2 GitHub Actions Runner versions prior to 2.283.4...

CVSS 9.9 · AI score 9.6 · EPSS 0.01474
Exploits 0 · References 7
Vulnrichment
added 2022/10/25 12:0 a.m. · 8 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 8.8 · AI score 9.7 · EPSS 0.01474
Exploits 0 · References 3
Code423n4
added 2022/10/23 12:0 a.m. · 7 views

Transferring funds to yourself increases your balance

Lines of code Vulnerability details Impact Using temporary variables to update balances is a dangerous construction that has led to several hacks in the past. Here, we can see that toBalance can overwrite fromBalance: File: LBToken.sol 176: function transfer 177: address from, 178: address to, 17...

AI score 6.7
Exploits 0
CNNVD
added 2022/10/21 12:0 a.m. · 2 views

ID Withdrawn

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that stems from the use of uninitialized variables. No details of the vulnerability are currently available...

AI score 6.6
Exploits 0
Positive Technologies
added 2022/10/21 12:0 a.m. · 1 views

PT-2022-7345 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the use of uninitialized variables hw ctrl s1 and sw ctrl s1 in the rtl8188f spur calibration function in the drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu...

CVSS 5.5 · AI score 6.1
Exploits 0 · References 9
Code423n4
added 2022/10/20 12:0 a.m. · 10 views

Uninitialized Storage Variables

Lines of code github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateStore.solL344 github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a6649568016ff0d0efd0/contracts/JBTiered721DelegateStore.solL1024 Vulnerability details...

AI score 7
Exploits 0
Positive Technologies
added 2022/10/18 12:0 a.m. · 8 views

PT-2022-6167 · Go +3 · Go +3

Name of the Vulnerable Software and Affected Versions: Go versions prior to the fixed version Description: The issue is related to unsanitized NUL values in environment variables on Windows. Attackers may exploit this behavior to set arbitrary environment variables. In syscall.StartProcess and...

CVSS 9.8 · AI score 7.3 · EPSS 0.05623
Exploits 10 · References 198
FreeBSD
added 2022/10/17 12:0 a.m. · 34 views

go -- syscall, os/exec: unsanitized NUL in environment variables

The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...

CVSS 7.5 · AI score 2.4 · EPSS 0.00778
Exploits 0 · References 1
CNVD
added 2022/10/14 12:0 a.m. · 27 views

Dell BIOS Input Validation Error Vulnerability (CNVD-2023-08763)

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS is vulnerable to an input validation error, which can be exploited by a locally authenticated attacker with administrative privileges to modify UEFI variables...

CVSS 5.6 · AI score 3.7 · EPSS 0.00163
Exploits 0 · References 1
OSV
added 2022/10/14 12:0 a.m. · 33 views

CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...

CVSS 4.9 · AI score 6.2 · EPSS 0.0077
Exploits 0 · References 6