Microsoft Releases August 2022 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s August 2022 Security Update Guide and Deployment...
GHSA-C2J7-66M3-R4FF JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Impact: When an "Internal System Error" occurs in the JSPUI, the entire exception, including the stack trace, is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2022
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.2-IF012 and 21.0.3-IF010. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to...
java-1.8.0-openjdk security, bug fix, and enhancement update
1:1.8.0.342.b07-1 - Update to shenandoah-jdk8u342-b07 - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Use 'git apply' with...
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page an...
tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)
The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
Microsoft Releases June 2022 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment...
GHSA-2GQW-Q9R9-7F79 Changeset vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details: The npm module 'changeset' can be abused through a prototype pollution vulnerability since the function 'apply' does not che...
Changeset vulnerable to prototype pollution
Overview: Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows attackers to cause a denial of service and may lead to remote code execution. Details: The npm module 'changeset' can be abused through a prototype pollution vulnerability since the function 'apply' does not che...
Microsoft Releases May 2022 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2022 Security Update Summary and Deployment...
CVE-2022-28449
nopCommerce 4.50.1 is vulnerable to Cross-Site Scripting (XSS). In the Apply for vendor account feature, an attacker can upload an arbitrary file to the system...
nopCommerce cross-site scripting vulnerability
nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce 4.50.1, which allows an attacker to upload arbitrary files to the system via the Apply for Vendor Account feature...
CVE-2022-27351
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /publichtml/applyvacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PHPGURUKUL Zoo Management System code issue vulnerability
PHPGURUKUL Zoo Management System is a zoo management system by the PHPGurukul team. A security vulnerability exists in Zoo Management System v1.0, which stems from the lack of a restriction on the type of file that can be uploaded in /publichtml/applyvacancy, which can be exploited by ...
PT-2022-18389 · Unknown · Zoo Management System
Name of the Vulnerable Software and Affected Versions: Zoo Management System version 1.0 Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability. This is possible through the "/public html/apply vacancy" API...
The vulnerability of the apply_sao_internal function in the H.265 Libde265 implementation allows an attacker to cause a service failure.
The vulnerability of the apply_sao_internal function in the H.265 Libde265 implementation is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to cause a service failure using a specially created file...