OESA-2022-1704 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes wit...
MAL-2022-6723 Malicious code in ual-reactjs-renderer-example (npm)
Source: ghsa-malware 51f103cbd42e4c8208e6cc75f422cc09ce4766ad160032a8fbd7529826851757. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6791 Malicious code in universal-authenticator-library-js-example (npm)
Source: ghsa-malware 634c9abec0578ad529a15e3faab7ef695e47e5a1b95299329e27a8ca7e00e22f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013 C implementation of the infamous Apache 2.4.50...
CVE-2021-32642
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS RadSec RADIUS transports. Missing input validation in radsecproxy's naptr-eduroam.sh and radsec-dynsrv.sh scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Informatio...
Spring for GraphQL 1.0 Release
On behalf of the Spring for GraphQL team and every contributor, it is my pleasure to announce the 1.0 GA release. It's been 10 months since the project was announced and under 2 years since the first commit, unremarkably called "first commit". The project began with the modest goal to replace the...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2012-6551 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2012-6551 Source advisory: OSV:GHSA-34FP-XVXP-RG22...
com.approvaltests:approvaltests-hadoop (>=2.0.0 <=7.0.0), io.brooklyn.example:brooklyn-example-hello-world-hadoop-webapp (>=0.4.0 <=0.7.0-M1) +6 more potentially affected by CVE-2012-4449 via org.apache.hadoop:hadoop-client (>=1.0.2 <=1.0.3)
org.apache.hadoop:hadoop-client MAVEN version =1.0.2, =2.0.0, =0.4.0, =0.12, =0.13, =0.3.0-incubating, =0.4.0-incubating, =0.3.0-incubating, =0.6.0 Source cves: CVE-2012-4449 Source advisory: OSV:GHSA-Q46V-CJ5V-HVG6...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +134 more potentially affected by CVE-2013-2251 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.15)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1 - com.google.inject.extensions:guice-struts2-plugin =2.0 - com.google.inject.integration:guice-struts2-plugin =1.0 - com.googlecode.rapid-framework:rapid-core =4.0 and more Source cves:...
africa.absa:inception-reporting (>=1.0.0 <=1.2.0), africa.absa:inception-reporting-api (>=1.0.0 <=1.2.0) +1448 more potentially affected by CVE-2017-9096 via com.lowagie:itext (>=1.3 <=4.2.2)
com.lowagie:itext MAVEN version =1.3, =1.0.0, =1.0.0, =0.1.0, =2.0.7, =1.0.0, =1.0.7, =5.0.0, =1.0.0, =1.0, =1.0, =1.0, =0.0.1, =0.0.1, =1.1.8, =2.4.0 and more Source cves: CVE-2017-9096 Source advisory: OSV:GHSA-86P9-X5PW-94QX...
Securimage HTML Injection
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php...
be.dnsbelgium:rdap-server (>=0.3.3 <=1.0.3), com.arsframework:ars-module-cms (>=1.0.0 <=1.1.4) +379 more potentially affected by CVE-2014-0097 via org.springframework.security:spring-security-core (>=3.1.0.RELEASE <=3.1.4.RELEASE)
org.springframework.security:spring-security-core MAVEN version =3.1.0.RELEASE, =0.3.3, =1.0.0, =1.0.0, =1.0.0, =1.2.1, =1.2.1, =1.3.6, =1.0.0-alpha2, =1.5, =1.0.0, =3.0.4, =3.0.5 - com.github.ptomli.bedrock:bedrock-core =1.0.0 - com.github.yongjacky:jee.borneo.miri =1.1.6 -...
DEBIAN-CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a /.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected...
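The UnRAR entry above is the classic archive-extraction traversal: an entry name (or a symlink planted by an earlier entry) steers the write outside the output directory, and a file such as ~/.ssh/authorized_keys is enough to turn it into remote login. The check an extractor needs is shown below as an added example, not code from UnRAR or from any advisory source on this page: each entry's destination is normalised (backslashes treated as separators, "." and ".." collapsed), rejected if absolute or climbing out, and then resolved on disk with os.path.realpath so that a write routed through a previously extracted symlink is caught as well. The archive entries and the "home" symlink in demo() are constructed for the test, not taken from any real archive.

```python
import os
import posixpath
import tempfile


def normalize_entry(name: str) -> str:
    """Normalise an archive entry name before deciding where it lands.

    Backslashes are treated as separators (an archive built on Windows may
    carry them), then '.' and '..' components are collapsed. posixpath.normpath
    keeps a leading '..', which is exactly what the caller wants to detect.
    """
    return posixpath.normpath(name.replace("\\", "/"))


def entry_escapes(dest_dir: str, name: str) -> bool:
    """Return True if writing archive entry `name` under dest_dir would end up
    outside dest_dir.

    Two layers of checking:
      1. Lexical: absolute names and names that climb above the root are rejected.
      2. On disk: the parent directory of the target is resolved with realpath,
         so a directory that is really a symlink (planted by an earlier entry)
         pointing outside dest_dir is detected too.
    """
    norm = normalize_entry(name)
    if posixpath.isabs(norm) or norm == ".." or norm.startswith("../"):
        return True
    dest_real = os.path.realpath(dest_dir)
    target = os.path.join(dest_real, *norm.split("/"))
    parent_real = os.path.realpath(os.path.dirname(target))
    full_real = os.path.join(parent_real, os.path.basename(target))
    # commonpath drops '.' components, so "dest/." still compares equal to dest
    return os.path.commonpath([dest_real, full_real]) != dest_real


def demo() -> dict:
    """Run the check over constructed entry names (not from a real archive).

    A symlink dest/home -> <directory outside dest> is created first to stand
    in for a symlink entry that an attacker placed earlier in the archive.
    """
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as dest:
        os.symlink(outside, os.path.join(dest, "home"))  # constructed symlink
        entries = [
            "docs/readme.txt",                 # ordinary file, stays inside
            "sub/../ok.txt",                   # '..' that does not leave dest
            "../../.ssh/authorized_keys",      # lexical climb-out
            "..\\..\\.ssh\\authorized_keys",   # same, Windows separators
            "/root/.ssh/authorized_keys",      # absolute path
            "home/.ssh/authorized_keys",       # write routed through the symlink
        ]
        return {name: entry_escapes(dest, name) for name in entries}


if __name__ == "__main__":
    for name, escapes in demo().items():
        print(f"{'REJECT' if escapes else 'ok    '} {name}")
```

The on-disk step matters because the lexical check alone passes "home/.ssh/authorized_keys": only realpath reveals that "home" is a symlink out of the tree. Symlink entries themselves need the same treatment applied to their link target before they are created, and the check must run per entry immediately before each write, since the directory tree changes as extraction proceeds.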
GHSA-G77G-VJJM-X83J Apache Tomcat Example Application CSRF and XSS Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters...
GHSA-8G4F-FH7F-4FWH Apache Tomcat Default Installation Reveals Sensitive Information
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets...
Git-Dumper - A Tool To Dump A Git Repository From A Website
A tool to dump a git repository from a website. Install: this can be installed easily with pip: pip install git-dumper. Usage: git-dumper [options] URL DIR. Dump a git repository from a website. positional arguments: URL (url), DIR (output directory). optional arguments: -h, --help show this help...
PT-2022-19687 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 2.0.0. Description: The issue is related to a heap-based buffer over-read in the gp_rtp_builder_do_hevc function, located in the ietf/rtp_pck_mpeg4.c file. This problem is demonstrated by MP4Box. Recommendations: For GPAC version...
Maat - Open-source Symbolic Execution Framework
Maat is an open-source Dynamic Symbolic Execution and Binary Analysis framework. It provides various functionalities such as symbolic execution, taint analysis, constraint solving, binary loading, environment simulation, and leverages Ghidra's sleigh library for assembly lifting: https://maat.re...
CVE-2022-24229
A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers to inject arbitrary HTML or JavaScript through /example/editor...