new packages: iso-codes
An update is available for iso-codes. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterpri...
Command Injection
fribidi is vulnerable to command injection. The vulnerability exists in fribidi and allows an attacker to inject and execute arbitrary code...
Remote Code Execution (RCE)
Slurm is vulnerable to remote code execution. The vulnerability exists because user restrictions are not properly handled, which allows an attacker to inject arbitrary code...
CVE-2021-43206
A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests...
Protect
A server-generated error message containing sensitive information vulnerability CWE-550 in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages...
Command Injection
git is vulnerable to command injection. The vulnerability exists in the fetch function in lib.rb because the remote parameter is not properly sanitized, which allows a malicious attacker to inject and execute arbitrary code...
CVE-2021-42136
A stored Cross-Site Scripting XSS vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request...
Cross site scripting
A stored Cross-Site Scripting XSS vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request...
CVE-2021-42136
Summary: CVE-2021-42136 is a stored XSS in REDCap’s Missing Data Codes functionality present in versions before 11.4.0. The vulnerability allows an attacker to store JavaScript as a Missing Data Code value, which is then executed in the victim’s browser and can be leveraged to perform a Cross-Sit...
WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability
Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability discovered by Chloe Chamberland (Wordfence) in WordPress SiteGround Security plugin versions <= 1.2.5. Solution: Update the WordPress SiteGround Security plugin to the latest available version at...
SiteGround Security < 1.2.6 - Authorization Weakness to Authentication Bypass via 2-FA Back-up Codes
The method in which 2FA back-up code authentication is handled by the plugin makes it possible for attackers to log in if they are able to brute-force a back-up code for a user or compromise it via other means, such as SQL injection...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +3606 more potentially affected by CVE-2022-22965 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.17)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =1.1.0, =1.13.0, =2.2.0 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
CVE-2022-27254 - PoC For Vulnerability In Honda's Remote Keyless System
PoC for vulnerability in Honda's Remote Keyless System (CVE-2022-27254). Disclaimer: For educational purposes only. Kindly note that the discoverers for this vulnerability are Ayyappan Rajesh, a student at UMass Dartmouth, and HackingIntoYourHeart. Others mentioned in this repository are credited for...
CVE-2022-25620
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the Group functionality of Profelis IT Consultancy SambaBox allows an authenticated user to execute arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 versio...
Honda's Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles
A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remotely lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible by a vulnerability in the remote keyless system...
Citrix - Gateway as a service - Error Codes For Session Launch Failure
Multiple error codes seen during session launch failures...
Exploit for Authentication Bypass by Capture-replay in Honda Civic_2018_Firmware
CVE-2022-27254 PoC for vulnerability in Honda's Remote Keyless...
PT-2022-18332 · Honda · Honda Civic
Name of the Vulnerable Software and Affected Versions: Honda Civic versions 2016 through 2020 Description: The issue concerns a replay attack vulnerability in the remote keyless system of certain Honda vehicles, allowing unauthorized individuals to unlock doors and start the engine by interceptin...
SUSE-SU-2022:0860-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates (bsc#1196877). Non-security issues fixed: - Fix PAC pointer authentication in ARM (bsc#1195856). - Pull libopenssl-1_1 when updating openssl-1_1 wit...