7820 matches found
Vulnerabilities fixed in Dell BIOS
Vulnerabilities have been fixed in the BIOS of Dell products. The vulnerabilities allow a malicious person to execute arbitrary code under administrator privileges and manipulate data. To exploit the vulnerabilities, an authenticated malicious party must have...
Critical severity command injection vulnerability - CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution on the system. This vulnerability was introduced in Bitbucket Server and Data Center...
Dell BIOS Input Validation Error Vulnerability
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS is vulnerable to an input validation error, which can be exploited by a locally authenticated attacker with administrative privileges to modify UEFI variables...
Dell BIOS Input Validation Error Vulnerability
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. A security vulnerability exists in Dell BIOS that stems from incorrect input validation. An attacker could exploit the vulnerability to modify UEFI variables...
PT-2022-5667 · Atlassian · Bitbucket Server +1
Name of the Vulnerable Software and Affected Versions: Atlassian Bitbucket Server and Data Center (affected versions not specified). Description: The issue is related to a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to...
Requiring Timelock For Setter Functions
Vulnerability details: We noticed that the following owner-privileged setter functions can update important state variables without a time delay. 1. setExecutionDelegate function of the BlurExchange contract (L215-222 in code snippet 1) 2. setPolicyManager...
Reentrancy
Vulnerability details: Reentrancy in BlurExchange.executeInput,Input contracts/BlurExchange.sol128-175: External calls: - executeFundsTransfersell.order.trader,buy.order.trader,sell.order.paymentToken,sell.order.fees,price contracts/BlurExchange.sol147-153 -...
Cloudfox - Automating Situational Awareness For Cloud Penetration Tests
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following commo...
CVE-2022-2781
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables...
Design/Logic Flaw
In affected versions of Octopus Server it was identified that the same encryption process was used for both encrypting session cookies and variables...
PT-2022-18604 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue arises from the use of the same encryption process for both session cookies and variables in affected versions of the software. Recommendations: At the moment, there is no...
Octopus Server Cryptographic Issue Vulnerability
Octopus Server is an automated deployment platform. Octopus Server has a cryptographic issue vulnerability that stems from the fact that it uses the same encryption process for encrypting session cookies and variables...
U.S. Dept Of Defense: Sensitive Data Exposure at https://█████████
Sensitive data exposure was discovered in an endpoint of a website, which contained AWS S3 credentials, PATH, IP, and PORTs. This could have allowed an attacker to gain access to sensitive information on the AWS account or perform arbitrary modifications on the AWS resources...
Semrush: Exposure of service tokens to webpack bundle
Service tokens were exposed in a webpack bundle during the build process due to environment variables being accidentally included in the webpack configuration file. A review found no evidence the exposed tokens were used by unauthorized parties...
CVE-2022-32786
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system...
CVE-2022-26707
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information...
Design/Logic Flaw
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information...