2689 matches found

OSSF Malicious Packages
added 2022/06/20 8:24 p.m. · 2 views

Malicious code in wallet-nodejs-binding (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19008a50d899f9a3a78116d541b53e03f18a52847e6345eec6823b6adcc6a564 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 1
OSV
added 2022/06/20 8:23 p.m. · 8 views

MAL-2022-1814 Malicious code in calling-component-bindings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d34742e24d97901f4bbbaee9d2c3f3166f3b4f29cd95880e1a0594078f45301a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
IBM Security Bulletins
added 2022/06/17 6:30 p.m. · 134 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)

Summary Spring Framework is used by IBM Watson Explorer Foundational and Analytical Components. IBM Watson Explorer has addressed the applicable CVE CVE-2022-22971, CVE-2022-22968, CVE-2022-22970. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable...

6.5 CVSS · 1 AI score · 0.05413 EPSS
Exploits 3 · Affected Software 1
OSV
added 2022/06/17 11:3 a.m. · 2 views

OESA-2022-1712 python-bottle security update

Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. Security Fixes: Bottle before 0.12.20 mishandles errors during early request binding. CVE-2022-31799...

9.8 CVSS · 7 AI score · 0.01869 EPSS
Exploits 0 · References 2
CNNVD
added 2022/06/17 12:0 a.m. · 28 views

npm libpq link following vulnerability

npm libpq is a node-native binding to the PostgreSQL libpq C client library from npm USA. A backlink vulnerability exists in versions of libpq prior to 1.7.1, which stems from the fact that Read calls to g GitArtifactReader.readFromRepository do not check for files containing trigger resource...

7.5 CVSS · 7.3 AI score · 0.01773 EPSS
Exploits 1 · References 4
RedHat Linux
added 2022/06/16 2:52 p.m. · 3 views

Framework: Data Binding Rules Vulnerability

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the fiel...

5.3 CVSS · 6.7 AI score · 0.05413 EPSS
Exploits 2 · References 5
OSV
added 2022/06/15 5:15 p.m. · 3 views

CVE-2022-32155

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the...

7.5 CVSS · 7.1 AI score · 0.01799 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/06/14 11:55 a.m. · 2 views

CVE-2022-32155

In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the...

7.5 CVSS · 5.4 AI score · 0.01799 EPSS
Exploits 0 · References 4 · Affected Software 1
CISA
added 2022/06/14 12:0 a.m. · 13 views

CISA Adds One Known Exploited Vulnerability to Catalog 

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...

1.7 AI score
Exploits 0 · References 5
Positive Technologies
added 2022/06/14 12:0 a.m. · 4 views

PT-2022-7019 · Microsoft +7 · Net 6.0 +8

Name of the Vulnerable Software and Affected Versions: .NET Core versions prior to 3.1.29 .NET 6.0 versions prior to 6.0.9 Description: A denial of service issue exists due to incorrect resource cleanup, allowing a remote attacker to cause a stack overflow by sending a customized payload during...

7.8 CVSS · 6.9 AI score · 0.05291 EPSS
Exploits 0 · References 71
Tenable Nessus
added 2022/06/08 12:0 a.m. · 304 views

Dell Wyse Management Suite < 3.6.1 Multiple Vulnerabilities (DSA-2022-098)

The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the DSA-2022-098 advisory. - The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to...

9.8 CVSS · 7.2 AI score · 0.99677 EPSS
Exploits 102 · References 3
IBM Security Bulletins
added 2022/06/06 6:27 p.m. · 56 views

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN module have multiple vulnerabilities (CVE-2021-22060, CVE-2022-22950, CVE-2022-0547, CVE-2022-0778, CVE-2022-22965)

Summary Vulnerabilities contained within 3rd party components were identified and remediated in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module. Vulnerability Details CVEID: CVE-2021-22060 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

9.8 CVSS · 1.1 AI score · 0.99677 EPSS
Exploits 102 · Affected Software 1
OSV
added 2022/06/03 10:18 p.m. · 2 views

GHSA-V8X6-59G4-5G3W Denial of service binding form from JSON in Play Framework

Impact: A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form#bindFromRequest method on a JSON request body or the Form#bind method directly on a JSON value. If the JSON data being bound to the form...

7.5 CVSS · 5.8 AI score · 0.01573 EPSS
Exploits 0 · References 5
GitHub Security Blog
added 2022/06/03 10:18 p.m. · 54 views

Denial of service binding form from JSON in Play Framework

Impact: A denial-of-service vulnerability has been discovered in Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form#bindFromRequest method on a JSON request body or the Form#bind method directly on a JSON value. If the JSON data being bound to the form...

7.5 CVSS · 7.3 AI score · 0.01573 EPSS
Exploits 0 · References 5 · Affected Software 2
Veracode
added 2022/06/03 5:15 a.m. · 31 views

Validation Bypass

bottle is vulnerable to validation bypass. The library mishandles errors in handle function during early request binding, allowing an attacker to compromise the target system...

9.8 CVSS · 8.8 AI score · 0.01869 EPSS
Exploits 0 · References 9 · Affected Software 3
OSV
added 2022/06/03 12:1 a.m. · 7 views

GHSA-XHP9-4947-RQ78 Denial of service in bottle

Bottle before 0.12.20 mishandles errors during early request binding...

9.8 CVSS · 7.1 AI score · 0.01869 EPSS
Exploits 0 · References 11
GitHub Security Blog
added 2022/06/03 12:1 a.m. · 33 views

Denial of service in bottle

Bottle before 0.12.20 mishandles errors during early request binding...

9.8 CVSS · 9 AI score · 0.01869 EPSS
Exploits 0 · References 10 · Affected Software 1
Vulnrichment
added 2022/06/02 4:45 p.m. · 6 views

CVE-2022-31018 Denial of service binding form from JSON in Play Framework

Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the Form#bindFromRequest method on a JSON request body or the...

7.5 CVSS · 7.5 AI score · 0.01573 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2022/06/02 2:15 p.m. · 3 views

CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding...

9.8 CVSS · 5.3 AI score · 0.01869 EPSS
Exploits 0 · References 10
OSV
added 2022/06/02 2:15 p.m. · 1 views

DEBIAN-CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding...

9.8 CVSS · 7.9 AI score · 0.01869 EPSS
Exploits 0 · References 1