2123 matches found
com.day.crx:crx-auth-ldap (=2.3.15), com.day.crx:crx-spellchecker (>=2.3.14 <=2.3.64) +14 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=2.4.0 <=2.4.5)
org.apache.jackrabbit:jackrabbit-core MAVEN version =2.4.0, =2.3.14, =2.3.14, =0.6.0, =2.4.0, =2.4.0, =2.4.0, =5.12.0, =5.11.0, =5.11.0, =5.11.0, =5.12.2 and more Source cves: CVE-2015-1833 Source advisory: OSV:GHSA-9284-J4C9-779Q...
@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)
workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: OSV:GHSA-5875-M6JQ-VF78...
Cross-site Scripting (XSS)
contao/core-bundle is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize user input passed through the canonical tag, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
contao/core-bundle is vulnerable to cross-site scripting. The vulnerability exists in the prepare function of PageRegular.php, allowing an attacker to inject and execute malicious JavaScript through the canonical tags...
SUSE-SU-2022:1536-1 Security Beta update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 bsc1198556 - Fixes for Python 3.10 - Fix salt-ssh opts poisoning...
SUSE-SU-2022:1514-1 Security Beta update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 bsc1198556 - Fixes for Python 3.10 - Fix salt-ssh opts poisoning...
Important: Red Hat Security Advisory: OpenJDK 8u332 security update for Portable Linux Builds
The Red Hat build of OpenJDK 8 (java-1.8.0-openjdk) is now available for portable Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
The vulnerability of the SyliusGridBundle e-commerce platform for Symfony applications, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.
The vulnerability of the SyliusGridBundle e-commerce platform for Symfony applications is related to the lack of protective measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
SQL Injection
sylius/grid-bundle is vulnerable to SQL Injection attacks. The library directly passes the values added at the end of query sorting to the database, allowing a malicious user to inject and execute arbitrary SQL queries on the system...
SyliusGridBundle SQL Injection Vulnerability
SyliusGridBundle is an open source e-commerce solution built from decoupled components with a robust API and the highest quality code. A SQL injection vulnerability exists in SyliusGridBundle versions prior to 1.10.1 and prior to 1.11-rc2, which stems from the fact that values added at the end of ...
@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)
workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: SNYK:JS-WORKSPACETOOLS-2421201...
Jenkins Support Core Plugin stores sensitive data in plain text
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. Support Core Plugin 2.79.1 adds a list of keywords whose associated values are redacted...
Design/Logic Flaw
Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle...
Design/Logic Flaw
OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Examples of policies impacted are those that parse and compare web paths...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)
The remote host is missing an update for the...
PT-2022-6577 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing...
Cross-site Scripting in Netgen Tags Bundle
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
GHSA-XVVV-WJ7J-R9JM Cross-site Scripting in Netgen Tags Bundle
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...
Exploit for Out-of-bounds Write in Apple Macos
CVE-2021-30853 A simple POC script to test for CVE-2021-30657...
CVE-2021-45895
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface...