7442 matches found
Security Bulletin: Potential security vulnerabilities with Java™ SDKs
Abstract: Smarter Infrastructure Products - Potential security exposure when using Java™ based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content: VULNERABILITY DETAILS: Customers who have Java based applications, such as Maximo Asse...
A Bootiful Podcast: Couchbase and Cloud legend Laurent Doguin
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to his friend, fellow Java Champion, and director of developer relations and strategy at Couchbase, Laurent Doguin @ldoguin. SpringOne 2022 is almost here! This is our first in-person event since the pandemic and it's when we release...
LastPass Says No User Data Compromised in Cyberattack
By Waqas. According to LastPass, the threat actor did access its Developer environment but could not compromise sensitive data because of its effective system design and controls. This is a post from HackRead.com. Read the original post: LastPass Says No User Data Compromised in Cyberattack...
Missing Transfer Verification
Lines of code. Vulnerability details. Impact: The ERC20 standard token implementation functions return the transaction status as a boolean. It is a good practice to check the return status of the function call to ensure that the transaction was executed successfully. It is the developer's...
GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution
Observation When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoids Command Injection...
RHEL 7 : rust-toolset-1.49 and rust-toolset-1.49-rust update (Low) (RHSA-2021:2243)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2243 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, an...
PT-2022-7176
Name of the Vulnerable Software and Affected Versions: Crafter Studio of Crafter CMS, affected versions not specified. Description: The issue is related to an Improper Control of Dynamically-Managed Code Resources vulnerability. This vulnerability allows authenticated developers to execute OS command...
KLA19246 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, or cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Visual Studio Code ca...
Integrating Cloud Security With DevOps and CI/CD Tools
This is the latest post in our blog series on shifting left in cloud security. In our last post, we kicked off the series with a high-level overview about Rapid7’s approach to shifting cloud security into the application development lifecycle. For this post, we’ll dive into a key aspect of our...
man2html Buffer Error Vulnerability
man2html is a pure manroff to html converter from the individual developer HAMANO Tsukasa in Japan. A buffer error vulnerability exists in man2html version 1.6g, which stems from a specific string read from a file overwriting the size parameter in the top block of the heap...
Malicious code in selfbot-developer (npm)
Source: ghsa-malware ad50680518a318baa91268329849f5e6f2f18ec0474a858615ac9381ec3818cf. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5999 Malicious code in selfbot-developer (npm)
Source: ghsa-malware ad50680518a318baa91268329849f5e6f2f18ec0474a858615ac9381ec3818cf. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
There is a problem with price calculation using BaseV1Pair._getAmountOut.
Lines of code. Vulnerability details. Impact: Currently, it calculates the token price with the amount of decimals here and normalizes using 1e18 after that. There are some irregular tokens with small decimals, and the token price might be calculated wrongly. Proof of Concept: As we can see here, some...
PYSEC-2022-43179
Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...
CVE-2022-36070
Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...
Command injection
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
CVE-2022-36069 Poetry Argument Injection vulnerability can lead to local Code Execution
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11176)
Ingredients Stock Management System is an ingredient stock management system by the individual developer Carlo Montero. v1.0 of Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /admin/?page= user/manageuser&id= location lacking validation for external input SQ...
Microsoft is committed to the success of Java developers
Hi, Spring fans! This is a guest post from our friend Julia Liuson, President, Developer Division, Microsoft. As a company, we are committed to making Java developers as efficient and productive as possible. This commitment means empowering you to use any tool, framework, and application server on...
Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11178)
Ingredients Stock Management System is an ingredient stock management system by the individual developer Carlo Montero. A SQL injection issue exists in the id parameter of the /stocks/manage stockin.php location. No detailed vulnerability details are available at this time...