PT-2022-17565 · Unknown · Static-Dev-Server
Name of the Vulnerable Software and Affected Versions: static-dev-server, all versions Description: A path traversal issue affects the package. It occurs because user-supplied request paths are joined onto the root directory, and the resulting asset path is taken relative to the root directory without being confined to it...
Directory Traversal
Overview static-dev-server is a simple HTTP server that serves static resource files from a local directory and auto-reloads when files change. Affected versions of this package are vulnerable to Directory Traversal. This is because when user-supplied request paths are joined onto the root directory, the assets...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : JBIG-KIT vulnerability (USN-5742-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5742-1 advisory. It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using...
GHSA-G56W-CWG4-HXX9 Code injection in quarkus dev ui config editor
A vulnerability was found in quarkus. The flaw is in the Dev UI Config Editor, which is vulnerable to drive-by localhost attacks: a malicious web page visited by the developer can make the browser send requests to the Dev UI listening on localhost, leading to remote code execution...
CVE-2022-4116
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...
CVE-2022-38462
Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS by carefully crafting a return URL on a /dev/build or /Security/login request...
CVE-2022-4116
A vulnerability was found in quarkus. This issue occurs in Dev UI Config Editor, which is vulnerable to drive-by localhost attacks leading to remote code execution...
PT-2022-6100 · Quarkus · Quarkus
Name of the Vulnerable Software and Affected Versions: quarkus affected versions not specified Description: The issue is related to the Dev UI Config Editor component of the quarkus Java framework, which is vulnerable to remote code execution due to incorrect code generation management. This can...
CVE-2022-4116
CVE-2022-4116 affects the Quarkus Dev UI Config Editor (quarkus_dev_ui). It enables drive-by localhost attacks leading to remote code execution. Red Hat's RHSA-2022:9023/8957 include a security fix in the Red Hat build of Quarkus (2.13.5 release) and advise updating; other advisories (GHSA OSV) d...
CVE-2022-38462
CVE-2022-38462 affects SilverStripe framework up to version 4.11.0, enabling XSS via crafted return URLs on /dev/build or /Security/login. Core issue is insufficient sanitization/escaping of user-supplied data in responses. The risk is context-dependent and requires the browser to render PHP warn...
PT-2022-24417 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11 and earlier Description: The issue allows an attacker to inject an XSS payload into a Silverstripe CMS response by carefully crafting a return URL on a "/dev/build" or "/Security/login" request. ...
Microsoft Warns of Hackers Using Google Ads to Distribute Royal Ransomware
A developing threat activity cluster has been found using Google Ads in one of its campaigns to distribute various post-compromise payloads, including the recently discovered Royal ransomware. Microsoft, which spotted the updated malware delivery method in late October 2022, is tracking the group...
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of...
GHSA-X9WP-GFRR-P5RP Missing Authorization in Jenkins XP-Dev Plugin
A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to an attacker-specified repository...