72 matches found
CVE-2023-22460
CVE-2023-22460 affects go-ipld-prime’s JSON codec. Encoding data containing a Bytes kind Node with the json codec will pass a Bytes token to the JSON encoder, causing a panic; the issue does not affect the dag-json codec or decoding. The root cause is limited to the json encoder path, and the vul...
[SECURITY] Fedora 36 Update: rust-capnp-0.14.11-1.fc36
Runtime library for Cap'n Proto data encoding...
[SECURITY] Fedora 37 Update: rust-capnp-0.14.11-1.fc37
Runtime library for Cap'n Proto data encoding...
IBM Guardium Data Encryption security vulnerability
IBM Guardium Data Encryption (GDE) is a software application from IBM, USA, that provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption GDE that stems from missing encoding or escaping of data. No details of the vulnerability are provided at...
Security Bulletin: IBM Guardium Data Encryption is vulnerable to missing data encoding issue (CVE-2021-39027)
Summary A vulnerability was identified in IBM Guardium Data Encryption GDE. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39027 DESCRIPTION: IBM Guardium Data Encryption GDE prepares a structured message for communication with another component, but encoding...
North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chrome's web browser. The attack mainly targe...
[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables
THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...
PYSEC-2021-78
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting XSS vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and...
Arbitrary Code Execution
xmlhttprequest is vulnerable to arbitrary code execution. The vulnerability exists through the lack of encoding of data in the this.send function...
MTN Group: RXSS - http://macademy.mtnonline.com
The page located at http://macademy.mtnonline.com suffers from a Cross-site Scripting XSS vulnerability. XSS is a vulnerability that occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped, an attacker can inject malicious JavaScript that...
PT-2020-8642 · Unknown · Juuko K-808
Name of the Vulnerable Software and Affected Versions: JUUKO K-808 versions prior to numbers ending ...9A, ...9B, ...9C, etc. Description: The issue allows remote attackers to execute commands on vulnerable installations of the equipment. No authentication is required to exploit this issue. The...
Cross site request forgery (csrf)
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
U.S. Dept Of Defense: RXSS - ████
Hello, friends, today when I was checking some sites I found this bug on your own website. Details XSS Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web...
Information Exposure
Overview activeresource is a library to wrap your RESTful web app with Ruby classes and work with them like Active Record models. Affected versions of this package are vulnerable to Information Exposure. There is an issue with the way Active Resource encodes data before querying the back end...
CarSpot < 2.2.3 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'CarSpot – Dealership Wordpress Classified Theme', tested version v2.2.0: - Authenticated Persistent XSS - Registration Form/User Profile - Authenticated Persistent XSS - Ad Post - IDOR leading to arbitrary deletion of ads Edit WPScanTeam: January...
Cross site scripting
The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...
CVE-2019-13263
D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK...
CVE-2019-13266
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds wi...
Design/Logic Flaw
Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK...