1001 matches found
GO-2022-0588 Cross-site scripting via leaked style elements in github.com/microcosm-cc/bluemonday
The bluemonday HTML sanitizer can leak the contents of a "style" element into HTML output, potentially causing XSS vulnerabilities. The default bluemonday sanitization policies are not vulnerable. Only user-defined policies allowing "select", "style", and "option" elements are affected. Permittin...
CVE-2022-37010
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed...
CVE-2022-37010
In JetBrains IntelliJ IDEA before 2022.2 email address validation in the "Git User Name Is Not Defined" dialog was missed...
CVE-2022-37010
CVE-2022-37010 affects JetBrains IntelliJ IDEA prior to 2022.2, due to missing email address validation in the "Git User Name Is Not Defined" dialog. Root cause: absence of validation in that dialog as described in multiple sources (NVD/Red Hat/CVE records, PT-2022-23755). Reported impact is low ...
Apache Hive 访问控制错误漏洞
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...
GO-2022-0233 Resource exhaustion in github.com/pires/go-proxyproto
The PROXY protocol server does not impose a timeout on reading the header from new connections, allowing a malicious client to cause resource exhaustion and a denial of service by opening many connections and sending no data on them. v0.6.0 of the proxyproto package adds support for a user-define...
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones
A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones and therefore, individuals. The identification, at its core, hinges on imperfections in the Bluetooth...
The vulnerability of the CLI component of Cisco SD-WAN microprogramming software allows a hacker to enhance their privileges.
The vulnerability of the CLI component of Cisco SD-WAN microprogramming software is related to access control deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges by modifying certain files on the vulnerable device...
CANs Reinvent LANs for an All-Local World
In an article I wrote over a year ago called “Securing the New Normal of Network Access,” I presented four access scenarios that modern organizations needed to enable users to stay securely connected and protected in the new normal of a work-from-anywhere world. Of course, “new” is a relative ter...
Cisco SD-WAN vManage Software 信息泄露漏洞
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco, U.S. An information disclosure vulnerability exists in Cisco SD-WAN vManage Software, which could be exploited by attackers to read sensitive information on the underlying...
Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Scale (CVE-2021-39031)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Spectrum Scale, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID: CVE-2021-39031 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1...
Important: Red Hat Security Advisory: Red Hat Ceph Storage 3 Security and Bug Fix update
An update is now available for Red Hat Ceph Storage 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.10.0 RPM security,enhancement&bugfix update
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
5G: The Final Frontier
5G: The Final Frontier This story was written by Kevin Mcgrath · April 7th, 2022 Today Trellix Threat Labs is excited to announce the release of a whitepaper dedicated to 5G and its potential security concerns. As we look at the potential of 5G, we foresee it impacting nearly every facet of digit...
The vulnerability of the Git-based software platform for collaborative code development on GitLab lies in the ability to create and track user-defined tasks for Sentry errors. This allows a violator to access confidential data and compromise its integrity.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the ability for users to create and track issues for Sentry errors. Exploiting this vulnerability allows a malicious actor to gain access to confidential data and compromise its integri...
Exploit for Incorrect Permission Assignment for Critical Resource in Apache Cassandra
CVE-2021-44521 Automated PoC of CVE-2021-44521 Credits to orig...
Exploit for Incorrect Permission Assignment for Critical Resource in Apache Cassandra
CVE-2021-44521 Automated PoC of CVE-2021-44521 Credits to orig...
Security Bulletin: Datastax Enterprise with IBM is vulnerable to exploiting Apache Cassandra User-Defined Functions for Remote Code Execution
Summary In Datastax Enterprise with IBM, a remote code execution RCE security vulnerability in Apache Cassandra exists and has been assigned to CVE-2021-44521. Vulnerability Details CVEID: CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrar...
Apache Cassandra database affected by easily exploitable Remote code execution
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Apache Cassandra is a database software being used by many companies such as Uber, Facebook, Netflix, Twitter, Instagram, Spotify, Instacart, Reddit, and Accenture. A remote code execution flaw CVE-2021-44521 is reported whi...