PT-2023-14166 · Ryde · Ryde
Name of the Vulnerable Software and Affected Versions: RYDE application version 5.8.43 Description: The issue is related to information disclosure due to insecure hostname validation, allowing attackers to take over an account via a deep link. This can be exploited in the RYDE application for bot...
CVE-2022-42979
Affected software: Ryde application, version 5.8.43, on Android and iOS. The root cause is insecure hostname validation, leading to information disclosure that can allow account takeover via a deep link. Public sources (NVD/Red Hat) confirm the issue and impact as high (C/H/I/A). The provided doc...
CVE-2022-31469
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...
Cross site scripting
OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /!!&app=%2e./ URI...
PT-2022-20746 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows for XSS via a deep link, as demonstrated by class="deep-link-app" for a "/!!&app=%2e./" URI. This can be exploited to execute malicious scripts. Recommendations: For OX Ap...
Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.4 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more...
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled, due to unchecked primitive value deserializers to avoid deep wrapper array nesting...
Open-Xchange OX App Suite cross-site scripting vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite 7.10.6 and prior versions, which stems from a detection mechanism for deep links in emails that allows the injection of references t...
DEBIAN-CVE-2022-45873
systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation methodology is to crash a binary calling the same function recursively, and put it in a deeply nested...
Deep Packet Inspection vs. Metadata Analysis of Network Detection & Response (NDR) Solutions
Today, most Network Detection and Response (NDR) solutions rely on traffic mirroring and Deep Packet Inspection (DPI). Traffic mirroring is typically deployed on a single-core switch to provide a copy of the network traffic to a sensor that uses DPI to thoroughly analyze the payload. While this...
New Research: Optimizing DAST Vulnerability Triage with Deep Learning
On November 11th 2022, Rapid7 will for the first time publish and present state-of-the-art machine learning (ML) research at AISec, the leading venue for AI/ML cybersecurity innovations. Led by Dr. Stuart Millar, Senior Data Scientist, Rapid7's multi-disciplinary ML group has designed a novel deep...
Prototype Pollution
deep-object-diff is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to edit or add new properties to an object through the __proto__ attribute...
Prototype Pollution
deep-parse-json is vulnerable to prototype pollution. The library improperly validates the incoming JSON keys, which allows a remote attacker to add new properties to an object through the __proto__ attribute...
[Tomo-H1] All funds can drain if some conditions matched
Lines of code Vulnerability details: function finalizeWithdrawal(uint256 l2BlockNumber, uint256 l2MessageIndex, uint16 l2TxNumberInBlock, bytes calldata message, bytes32[] calldata merkleProof) external nonReentrant senderCanCallFunction(allowList)...
GHSA-FF9J-PWXG-Q5P2 deep-parse-json vulnerable to Prototype Pollution
deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object. This is possible because the application does not correctly validate the incoming JSON keys, thus allowing the __proto__ property to be edited...
@backland/accounts (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0), @backland/entity (>=0.1.3-alpha.2022.11.25.20.14.44.0 <=0.1.3-alpha.20221123222206.0) +29 more potentially affected by CVE-2022-41713 via deep-object-diff (=1.1.7)
deep-object-diff NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on deep-object-diff and may be impacted: - @backland/accounts =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0, =0.1.3-alpha.2022.11.25.20.14.44.0,...
@companydotcom/company-skynet-core (>=1.0.2 <=2.0.17), @companydotcom/micro-application-core (>=2.0.7 <=2.0.18-alpha.0) +10 more potentially affected by CVE-2022-42743 via deep-parse-json (>=1.0.1 <=1.0.2)
deep-parse-json NPM version =1.0.1, =1.0.2, =2.0.7, =0.0.1, =0.0.1, =0.0.19, =6.5.7, =5.3.0, =1.0.0, =0.0.6, =0.0.1, =0.0.13 - redux-persist-nedb-storage =0.1.0 Source cves: CVE-2022-42743 Source advisory: OSV:GHSA-FF9J-PWXG-Q5P2...