8752 matches found
Siemens Polarion ALM Host Header Injection Vulnerability
Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release.A security vulnerability exists in Siemens Polarion ALM, which could be exploited by attackers to spoof host...
CVE-2022-23473 Tuleap MediaWiki standalone "readers" can also edit pages
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This on...
CVE-2022-46160
Tuleap dashboards CVE-2022-46160 affects versions prior to 14.2.99.104 (Community Edition) and 14.2-4 / 14.1-5 (Enterprise). The root cause is improper verification of project-level authorizations when accessing a project homepage/dashboards, allowing users not authorized to the project to retrie...
PT-2022-27777 · Tuleap · Tuleap
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 14.2.99.104 Tuleap Community Edition version 14.2.99.104 Tuleap Enterprise Edition version 14.2-4 Tuleap Enterprise Edition version 14.1-5 Description: Tuleap is an Open Source Suite to improve management of software...
Rapid7 Recognized as a Top Place to Work for 11th Consecutive Year
On November 30th, 2022, Rapid7 was again recognized by The Boston Globe as a Top Place to Work in Massachusetts. This marks the 11th consecutive year Rapid7 has made the list, this time coming in at 3 in the large company category. Top Places to Work rankings are based on a Globe survey that...
SQL Injection Vulnerability in the Unified Management System of Shanghai Inlitech Digital Technology Co.
Ltd. is a company whose business scope includes engaging in technology development in the fields of digital technology, network technology and integrated circuit technology. A SQL injection vulnerability exists in the Unified Management System of Shanghai Inalways Digital Technology Co., Ltd, whi...
GSD-2022-1007890 iio: adc: mp2629: fix potential array out of bound access
iio: adc: mp2629: fix potential array out of bound access This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 by commit...
GSD-2022-1007736 kcm: close race conditions on sk_receive_queue
kcm: close race conditions on skreceivequeue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...
SUSE: Security Advisory (SUSE-SU-2022:4335-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4332-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. PoC js var root = require"create-choo-electron" root.devInstall"./","& touch JHU",function Remediation There is no fixed version for...
ALSA-2022:8833 Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1, nodejs-nodemon 2.0.20. BZ2142818 Security Fixes: nodejs-minimatch: ReDoS vi...
legacydevelopment.co.za Cross Site Scripting vulnerability OBB-3087326
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SQL Injection Vulnerability in Beijing Century Super Star Information Technology Development Co.
Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. Beijing Century Super Star Information Technology Development Limited Liability Company Super Star Huiya Electronic Library...
What Developers Need to Fight the Battle Against Common Vulnerabilities
Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...
SUSE: Security Advisory (SUSE-SU-2022:4296-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2022-5972 · 3S Smart Software Solutions · Codesys Development System V3
Name of the Vulnerable Software and Affected Versions: CODESYS Development System V3 versions prior to V3.5.18.40 Description: The issue is related to inadequate encryption strength, allowing an unauthenticated local attacker to access and manipulate the code of the encrypted boot application. It...
PT-2022-13369 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: Microweber version 1.3.1 Description: The issue allows an unauthenticated user to perform an account takeover via a Cross-Site Scripting XSS attack on the select-file parameter. There is a patch available in the development branch, but it has...
SUSE: Security Advisory (SUSE-SU-2022:4202-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...