779 matches found
PT-2022-19896 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server affected versions not specified Description: The issue allows customization of the help sidebar in Octopus Server to include a Cross-Site Scripting payload in the support link. Recommendations: At the moment, there is no...
[SECURITY] Fedora 36 Update: golang-github-mailru-easyjson-0.7.6-5.fc36
Package Easyjson provides a fast and easy way to marshal/unmarshal Go structs to/from JSON without the use of reflection. In performance tests, easyjson outperforms the standard encoding/json package by a factor of 4-5x, and other JSON encoding packages by a factor of 2-3x. Easyjson aims to keep...
Inconsistent balance with fee-on-transfer tokens.
Lines of code Vulnerability details Impact There are ERC20 tokens that may make certain customizations to their ERC20 contracts. One type of these tokens is deflationary tokens that charge a certain fee for every transfer or transferFrom. Proof of...
Brave Now Lets You Customize Search Results—for Better or Worse
The privacy-focused company's new Goggles tool allows users to weed out the noise—whatever that might mean...
cjs-forms (>=0.0.1 <=1.0.0), output-customization (=1.0.0) potentially affected by unknown CVE via @ve-private/test-helpers (=0.0.1-security.9)
@ve-private/test-helpers NPM version =0.0.1-security.9 is affected by a known vulnerability. The following packages have a transitive dependency on @ve-private/test-helpers and may be impacted: - cjs-forms =0.0.1, =1.0.0 - output-customization =1.0.0 Source cves: unknown CVE Source advisory:...
MAL-2022-1360 Malicious code in azure-output-customization-samples-ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d5ff919587c11d92bc45cd5aac11848d661f31e8faf9472c84d1b15213cc8df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)
Updates 06-20 CVE-2022-22980 is published 06-20 Spring Data MongoDB 3.4.1 and 3.3.5 are available Table of Contents Overview Vulnerability Am I Impacted Status Suggested Workarounds Overview We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the followi...
Admin-Panel_Finder - A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)
A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification : Web Application Security Testing 02-Configuration and Deployment Management Testing OTG v4 : OWASP OTG-CONFIG-005 WSTG : WSTG-CONF-05 Why should I use this extension?...
CVE-2022-22257
The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity...
Design/Logic Flaw
The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity...
CVE-2022-22257
CVE-2022-22257 affects Huawei HarmonyOS through the customization framework, with root cause described as improper permission control/improper privilege restrictions. Multiple connected sources (NVD, Red Hat, CNVD and others) describe potential impact to data/system integrity but do not provide p...
ScheduleRunner - A C# Tool With More Flexibility To Customize Scheduled Task For Both Persistence And Lateral Movement In Red Team Operation
Scheduled tasks are one of the most popular attack techniques of the past decade and are still commonly used by hackers/red teamers for persistence and lateral movement. A number of C tools were already developed to simulate the attack using scheduled tasks. I have been playing around with some...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. The Huawei HarmonyOS customization framework is vulnerable to an authorization issue. The vulnerability stems from improper privilege restrictions. An attacker could exploit the vulnerability to compromise system integrity...
OPENSUSE-SU-2022:0083-1 Security update for weechat
This update for weechat fixes the following issues: update to 3.2.1: CVE-2021-40516: relay: fix crash when decoding a malformed websocket frame boo1190206 update to 3.2 main changes: use XDG directories by default config, data, cache, runtime add support of IRC SASL mechanisms SCRAM-SHA-1,...
MISP Security Vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics with features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.156, which stems from a local...
Custom Breadcrumbs - Less critical - Cross Site Scripting - SA-CONTRIB-2022-024
The Custom Breadcrumbs module provides a variety of options for customizing the breadcrumb trail. The module doesn't sufficiently filter on output, leading to a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...