1613 matches found
Oracle Linux 9 : pcs (ELSA-2022-9753)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9753 advisory. 0.11.1-10.el90.2 - Fixed ruby socket permissions - Resolves: rhbz2116839 Tenable has extracted the preceding description block directly from the Oracle Linux...
systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the...
MAL-2022-1027 Malicious code in anypoint-component-site (npm)
Source: ghsa-malware (7b60b65ec382d6f34f244239832ce506ad18482926adcaeb18716008141f115b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6901 Malicious code in ve-loaer (npm)
Source: ghsa-malware (f591aa173fa95037c0279b301e3fe1d86b8db7b3165221944fb20fd10021e7ad). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2761 Malicious code in eoman-dnvironment (npm)
Source: ghsa-malware (a2a85bef85e0050a967cc55cc8ba194989e4bf87619f8467790813f4041f983b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in qmt (npm)
Source: ghsa-malware (23449255901b31099664e5a9e324aa1866822c60c99f431d683d6dbb8db1cd75). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious delegated contractor can block funding tasks or mark tasks as complete
Vulnerability details. Impact: A malicious delegated contractor can add a huge number of tasks or one task with a huge cost. This would then pose problems in allocateFunds, as tasks could not be funded. The builder could remove delegation for the contractor but couldn't replace the...
CVE-2022-35163
Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the UNAME parameter at /category/controller.php?action=edit...
Fedora: Security Advisory for golang-github-posener-complete (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-posener-complete-2 (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-posener-complete-1.2.3-9.fc36
Package Complete provides a tool for writing bash completion in Go, and bash completion for the go command line. Writing bash completion scripts is hard work. This package provides an easy way to create bash completion scripts for any command, and also an easy way to install/uninstall the...
[SECURITY] Fedora 36 Update: golang-github-google-jsonnet-0.17.0-6.fc36
This is an implementation of Jsonnet in pure Go. It is feature complete but is not as heavily exercised as the Jsonnet C++ implementation. Please try it out and give feedback...
PT-2022-17393 · Enterprisedb · Enterprisedt Completeftp
Name of the Vulnerable Software and Affected Versions: EnterpriseDT CompleteFTP version 22.1.0 Server. Description: This issue allows remote attackers to delete arbitrary files on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...
CVE-2022-32224
An insecure deserialization flaw was found in Active Record, which uses YAML.unsafe_load to convert the YAML data into Ruby objects. An attacker supplying crafted data to the database can perform remote code execution (RCE), resulting in complete system compromise. Mitigation Mitigation for this iss...
Design/Logic Flaw
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracl...
CVE-2022-21554
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.36. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
Fedora: Security Advisory for golang-github-posener-complete-2 (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...