8751 matches found
The Forecast Is Flipped: Flipping L&D to Ensure Continuous Growth
At Rapid7, we staunchly believe that our people are central to upholding our mission and embodying our core values to ultimately drive our customers into a more secure future. For this reason, Rapid7 works tediously to ensure that our Moose have ample opportunities to learn and grow in their...
CVE-2022-33704
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities...
JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection
Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerability CWE-89. Impact An attacker may execute an arbitrary SQL command. Data in websites built using the product may be alter...
SUSE: Security Advisory (SUSE-SU-2022:2357-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-G688-7J3C-H9F3 Known v1.3.1 Cross-site Scripting
A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...
Known v1.3.1 Cross-site Scripting
A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...
SUSE: Security Advisory (SUSE-SU-2022:2312-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of component ADF Faces in the Oracle Jdeveloper development environment allows a perpetrator to execute arbitrary code or gain full control over the application.
The vulnerability of component ADF Faces in the Oracle Jdeveloper development environment relates to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely or gain full control over the application using the HTT...
The vulnerability of the Scripting component of the Java Runtime Environment and the Java Development Kit, which allows attackers to influence the integrity, accessibility, and confidentiality of protected information.
The vulnerability of the Scripting component of the Java Runtime Environment and the Java Development Kit application development tools is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker to influence the integrity, accessibility, and...
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two doze...
USN-5501-1: Django vulnerability
It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information...
[SECURITY] Fedora 36 Update: golang-github-hashicorp-hclog-0.15.0-5.fc36
Go-hclog is a package for Go that provides a simple key/value logging interfa ce for use in development and production environments...
Tuleap Information Disclosure Vulnerability
Tuleap is an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. An information disclosure vulnerability exists in versions prior to Tuleap 13.9.99.58 that stems from not properly...
Design/Logic Flaw
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create ...
CVE-2022-31058
Tuleap SQL injection (CVE-2022-31058) affects Tuleap versions prior to 13.9.99.95. The issue arises from improper input sanitization when constructing SQL against tracker reports, enabling an attacker who can create a new tracker to execute arbitrary SQL queries. Connected sources corroborate imp...
CVE-2022-31063
Tuleap vulnerable before version 13.9.99.111 due to improper escaping of the document title in the MyDocmanSearch widget results and in the locked documents administration page. This can allow a malicious user who can create a document to trigger arbitrary code execution on a victim’s system. Aff...
CVE-2022-31032
Tuleap prior to version 13.9.99.58 is affected. The vulnerability arises from improper authorization verification when creating projects or trackers from template projects, allowing information disclosure from those templates. Remediation: upgrade to Tuleap 13.9.99.58 or newer. The available sour...
CVE-2022-33037
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file...
GSD-2022-1003672 kernfs: Separate kernfs_pr_cont_buf and rename_lock.
kernfs: Separate kernfsprcontbuf and renamelock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
RLSA-2022:5317 Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write CVE-2022-29824 For more details about the security issues, including the impact, a CVSS score,...