Microsoft Windows Code Injection Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows OLE. The following products and versions are affected: Windows Server 2008 for 32-bit Systems Service Pack 2 Server Core...
PT-2022-22137 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
Design/Logic Flaw
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...
CVE-2022-36048
CVE-2022-36048 concerns Zulip Server prior to 5.6, where an attacker who can send messages can craft image-URLs to bypass the go-camo image proxy and cause the viewer’s IP address and browser fingerprinting information to be inferred via embedded remote images. The vulnerability affects Zulip Ser...
PT-2022-21358 · ESTsoft · ESTsoft Alyac
Name of the Vulnerable Software and Affected Versions: ESTsoft Alyac version 2.5.8.544 Description: An integer overflow issue exists in the way ESTsoft Alyac parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, potentially resulting in arbitrary code execution. This...
ESTsoft Alyac Input Validation Error Vulnerability
ESTsoft Alyac is a low-priced comprehensive security software from the Korean company ESTsoft. A security vulnerability exists in ESTsoft Alyac 2.5.8.544, which is caused by an integer overflow in the way an OLE file is parsed, and can be exploited by an attacker to execute arbitrary code...
GSD-2022-1004288 netfs: Fix gcc-12 warning by embedding vfs inode in netfs_i_context
netfs: Fix gcc-12 warning by embedding vfs inode in netfs_i_context This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.6 by commit...
[SECURITY] Fedora 36 Update: golang-github-markbates-pkger-0.17.1-6.fc36
Pkger is a tool for embedding static files into Go binaries. It will, hopefully, be a replacement for github.com/gobuffalo/packr/v2...
[SECURITY] Fedora 36 Update: golang-github-akavel-rsrc-0.10.2-5.fc36
Tool for embedding binary resources in Go programs...
Mitsubishi Electric GENESIS64 and Mitsubishi Electric ICONICS Suite Path Traversal Vulnerability
ICONICS GENESIS64 is a suite of advanced HMI SCADA solutions designed for Microsoft operating systems from ICONICS, Inc. A path traversal vulnerability exists in ICONICS GENESIS64 versions 10.97 and 10.97.1, which allows a remote, unauthenticated attacker to access arbitrary files in the GENESIS6...
Countering Follina Attack (CVE-2022-30190) with Trellix Network Security Platform’s Advanced Detection Features
Countering Follina Attack CVE-2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Vinay Kumar and Chintan Shah · July 19, 2022 Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned CVE-2022-30190 in Microsof...
Countering Follina Attack (CVE-2022-30190) with Trellix Network Security Platform’s Advanced Detection Features
Countering Follina Attack CVE-2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Trellix · July 19, 2022 This blog was also written by Chintan Shah Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned...
[SECURITY] Fedora 35 Update: golang-github-akavel-rsrc-0.10.2-4.fc35
Tool for embedding binary resources in Go programs...
Internet Bug Bounty: Node.js - DLL Hijacking on Windows
Full Node.js Security Releases - summarizing the issue is here: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ The original Node.js HackerOne report is here: https://hackerone.com/bugs?reportid=1447455 ----- Node.js versions earlier than 16.16.0 LTS and 14.20.0 are vulnerabl...
CVE-2022-33154
The schema aka Embedding schema.org vocabulary extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS...
July 5, 2022, update for Office 2016 (KB5002226)
July 5, 2022, update for Office 2016 KB5002226 This article describes update 5002226 for Microsoft Office 2016 that was released on July 5, 2022. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...
Huawei MindSpore Community Buffer Error Vulnerability
Huawei MindSpore Community is an open source deep learning framework from Huawei, China. Huawei MindSpore Community suffers from an information disclosure vulnerability that stems from accessing a shape allocated from the heap buffer if the input shape size is 0 when performing inferred shape...
cockpit security, bug fix, and enhancement update
264.1-1.0.1 - Remove duplicate reference to server in cockpit Orabug: 33862832 - Update documentation links Orabug: 32795691 - Make documentation links point to Oracle Linux information Orabug: 30271413 Orabug: 32013095 - Fix rendering of hwinfo page on systems with some empty memory slots Orabug...
CVE-2022-28649
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...
Joomla! 2.5.x < 3.10.7 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.10.7 or 4.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities. - Extracting a specifically crafted tar package could write files outside of the intended path...