1118 matches found

Fedora
added 2023/04/01 12:17 a.m. | 17 views

[SECURITY] Fedora 38 Update: rubygem-activerecord-7.0.4.3-1.fc38

Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

5.3 CVSS | 7.7 AI score | 0.00907 EPSS
Exploits 0

OSV
added 2023/03/29 7:15 p.m. | 4 views

CVE-2022-28647

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8 CVSS | 6.2 AI score | 0.00938 EPSS
Exploits 0 | References 2

OSV
added 2023/03/29 7:15 p.m. | 2 views

CVE-2022-28301

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8 CVSS | 6.2 AI score | 0.00951 EPSS
Exploits 0 | References 2

OSV
added 2023/03/29 7:15 p.m. | 2 views

CVE-2022-28302

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

7.8 CVSS | 6.1 AI score | 0.00647 EPSS
Exploits 0 | References 2

OSV
added 2023/03/29 6:30 p.m. | 17 views

GHSA-3R5C-H7G6-CQW7 Duplicate Advisory: pimcore is vulnerable to cross-site scripting in classes module

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4f25-2x2c-vg6v. This link is maintained to preserve external references. Original Description Cross-site Scripting XSS - Generic in GitHub repository pimcore/pimcore prior to 10.5.20...

5.4 CVSS | 5.1 AI score | 0.00457 EPSS
Exploits 1 | References 4

Kitploit
added 2023/03/21 11:30 a.m. | 333 views

Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux

Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some launchers get detected often, which essentially...

8.8 CVSS | 9 AI score | 0.99759 EPSS
Exploits 41 | References 2

Openbugbounty
added 2023/03/20 4:18 p.m. | 18 views

sandiegocprclasses.com Cross Site Scripting vulnerability OBB-3228518

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0

Openbugbounty
added 2023/03/14 3:47 p.m. | 7 views

phoenixcprclasses.com Cross Site Scripting vulnerability OBB-3222209

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0

CNNVD
added 2023/03/13 12:0 a.m. | 3 views

SAMSUNG Mobile Chipset buffer error vulnerability

SAMSUNG Mobile Chipset is a series of chips from the South Korean company Samsung SAMSUNG. SAMSUNG Mobile Chipset and Baseband Modem Chipset's Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920 have a buffer erro...

9.8 CVSS | 8.8 AI score | 0.01014 EPSS
Exploits 0 | References 7

Cvelist
added 2023/02/24 10:40 p.m. | 14 views

CVE-2022-23535 LiteDB contains Deserialization of Untrusted Data

LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...

7.3 CVSS | 9.6 AI score | 0.00699 EPSS
Exploits 0 | References 2

SUSE CVE
added 2023/02/15 6:0 a.m. | 2 views

SUSE CVE-2010-0421

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by usin...

4.3 CVSS | 6.7 AI score | 0.02448 EPSS
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 5:36 a.m. | 3 views

SUSE CVE-2013-4041

Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors...

6.8 CVSS | 6.8 AI score | 0.02812 EPSS
Exploits 0 | References 6

SUSE CVE
added 2023/02/15 5:35 a.m. | 4 views

SUSE CVE-2013-5375

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL...

6.8 CVSS | 6.9 AI score | 0.02812 EPSS
Exploits 0 | References 6

SUSE CVE
added 2023/02/15 5:29 a.m. | 2 views

SUSE CVE-2014-3065

Unspecified vulnerability in IBM Java Runtime Environment JRE 7 R1 before SR2 7.1.2.0, 7 before SR8 7.0.8.0, 6 R1 before SR8 FP2 6.1.8.2, 6 before SR16 FP2 6.0.16.2, and before SR16 FP8 5.0.16.8 allows local users to execute arbitrary code via vectors related to the shared classes cache...

6.9 CVSS | 7.4 AI score | 0.00559 EPSS
Exploits 0 | References 9

SUSE CVE
added 2023/02/15 5:12 a.m. | 2 views

SUSE CVE-2015-8390

PCRE before 8.38 mishandles the : and \ substrings in character classes, which allows remote attackers to cause a denial of service uninitialized memory read or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8 CVSS | 9.4 AI score | 0.04618 EPSS
Exploits 0 | References 24

SUSE CVE
added 2023/02/15 5:5 a.m. | 3 views

SUSE CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

4.3 CVSS | 6.7 AI score | 0.01491 EPSS
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 3:57 a.m. | 2 views

SUSE CVE-2020-14422

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface...

7.5 CVSS | 8.5 AI score | 0.12706 EPSS
Exploits 0 | References 51

SUSE CVE
added 2023/02/15 3:40 a.m. | 2 views

SUSE CVE-2021-32823

In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...

4.3 CVSS | 4.5 AI score | 0.01866 EPSS
Exploits 1 | References 3

Cvelist
added 2023/02/13 9:0 p.m. | 34 views

CVE-2022-4905 UDX Stateless Media Plugin class-settings.php setup_wizard_interface cross site scripting

A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The...

4 CVSS | 6.1 AI score | 0.00654 EPSS
Exploits 0 | References 5

RedHat Linux
added 2023/02/08 11:12 a.m. | 3 views

xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...

7.8 CVSS | 6.3 AI score | 0.00899 EPSS
Exploits 0 | References 5