1196 matches found

Prion
added 2022/11/03 8:15 p.m. · 11 views

Design/Logic Flaw

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...

CVSS 7.5 · AI score 9.3 · EPSS 0.01197
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/10/26 12:00 a.m. · 2 views

PT-2022-24929 · Metabase · Metabase

Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.41.9, 0.42.6, 0.43.7, 0.44.5, 1.41.9, 1.42.6, 1.43.7, and 1.44.5. Description: The issue allows Remote Code Execution (RCE) in Metabase, a data visualization software, when users can write SQL queries on H2 databases...

CVSS 8.8 · AI score 9.1 · EPSS 0.00967
Exploits 0 · References 3
OSV
added 2022/10/26 12:00 a.m. · 21 views

CVE-2022-39361 Metabase vulnerable to Remote Code Execution via H2

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, the H2 Sample Database could allow Remote Code Execution (RCE), which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

CVSS 8.8 · AI score 8.8 · EPSS 0.00967
Exploits 0 · References 3
OSV
added 2022/10/25 8:22 p.m. · 21 views

GHSA-C33W-PM52-MQVF @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details

Description: Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did n...

CVSS 5.4 · AI score 5.2 · EPSS 0.00665
Exploits 0 · References 5
Github Security Blog
added 2022/10/25 8:22 p.m. · 52 views

@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details

Description: Due to the common practice of providing vulnerability details in markdown format, the Dependency-Track frontend renders them using the JavaScript library Showdown. Showdown does not have any XSS countermeasures built in, and versions before 4.6.1 of the Dependency-Track frontend did n...

CVSS 5.4 · AI score 5.3 · EPSS 0.00665
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2022/10/25 12:00 a.m. · 17 views

CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details

@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...

CVSS 5.4 · AI score 5.4 · EPSS 0.00665
Exploits 0 · References 3
Fedora
added 2022/09/16 12:18 a.m. · 41 views

[SECURITY] Fedora 37 Update: moby-engine-20.10.18-1.fc37

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

CVSS 6.3 · AI score 6.7 · EPSS 0.00807
Exploits 0
OpenVAS
added 2022/09/16 12:00 a.m. · 27 views

Fedora: Security Advisory for moby-engine (FEDORA-2022-8298607490)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.3 · AI score 7 · EPSS 0.00807
Exploits 0 · References 2
Fedora
added 2022/09/15 1:57 a.m. · 39 views

[SECURITY] Fedora 36 Update: moby-engine-20.10.18-1.fc36

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

CVSS 6.3 · AI score 6.7 · EPSS 0.00807
Exploits 0
Spring Security Advisories
added 2022/09/06 7:00 a.m. · 22 views

This Week in Spring - September 5th, 2022

Hi, Spring fans! How are you? It's a fantastic Tuesday, the 5th of September, 2022, and I couldn't be happier. It's also Labor Day weekend here in the US. It marks the unofficial end of summer, which is a bit sad. But, on the upside, it's a four-day weekend for me! I'm technically off today. So, you'll...

AI score 7.8
Exploits 0
Openbugbounty
added 2022/09/06 3:13 a.m. · 18 views

databases.dublincity.ie Cross Site Scripting vulnerability OBB-2892595

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
CNNVD
added 2022/08/28 12:00 a.m. · 4 views

Identifier has been reserved by CVE

No details are available at this time...

AI score 6.8
Exploits 0
Openbugbounty
added 2022/08/26 7:47 p.m. · 12 views

databases.dublincity.ie Cross Site Scripting vulnerability OBB-2866232

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
OpenVAS
added 2022/08/26 12:00 a.m. · 22 views

Ubuntu: Security Advisory (USN-78-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 · AI score 6.5 · EPSS 0.02856
Exploits 0 · References 2
Spring Security Advisories
added 2022/08/25 7:00 a.m. · 15 views

A Bootiful Podcast: Fellow Java Champion and TimescaleDB developer advocate Christoph Engelbert

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to fellow Java Champion and TimescaleDB developer advocate Christoph Engelbert (@noctarius2k) about PostgreSQL, Java, time series databases, observability, and so much more...

AI score 1.8
Exploits 0
CNNVD
added 2022/08/21 12:00 a.m. · 2 views

Identifier has been reserved by CVE

No details are available at this time...

AI score 5.4
Exploits 0
CNNVD
added 2022/08/15 12:00 a.m. · 4 views

Identifier has been reserved by CVE

No details are available at this time...

AI score 5.4
Exploits 0
Fedora
added 2022/08/14 3:01 a.m. · 49 views

[SECURITY] Fedora 35 Update: libldb-2.4.4-1.fc35

An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases...

CVSS 8.8 · AI score 3.8 · EPSS 0.01025
Exploits 0
Pen Test Partners Blog
added 2022/08/13 3:24 a.m. · 22 views

Database Integrity Vulnerabilities in Boeing’s Onboard Performance Tool

This post is released in a co-ordinated manner with Boeing. TL;DR: Security gaps in older, unprotected Windows desktop versions of Boeing’s Onboard Performance Tool (OPT) could make certain Electronic Flight Bags (EFB) more susceptible to attack. In particular, OPT’s use of plain text configuration...

AI score 7.2
Exploits 0
Gitee
added 2022/08/11 3:01 p.m. · 2 views

vulhub

This is an offensive tool repository for testing and demonstrating vulnerabilities in various software and systems. The repository is maintained by Vulhub, a community-driven project that aims to provide a comprehensive collection of vulnerable environments for testing and learning purposes. The...

AI score 7
Exploits 0