4166 matches found
Security Bulletin: A security vulnerability in Nodejs node-fetch affects IBM Cloud Pak for Multicloud Management Managed Services
Summary: Security Bulletin: A security vulnerability in Nodejs node-fetch affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details: CVEID: CVE-2022-0235. DESCRIPTION: Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused b...
PT-2022-24620 · Unknown · Baijiacmsv4
Name of the Vulnerable Software and Affected Versions: baijiacmsV4 version 4.1.4. Description: A Server-Side Request Forgery (SSRF) issue exists in the fetch net file upload function, allowing remote attackers to force the application to make arbitrary requests by injecting arbitrary URLs into the u...
Gitea 1.16.6 Remote Code Execution
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
Exploit Title: Gitea Git Fetch Remote Code Execution Date: 09/14/2022 Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea...
CVE-2022-38770
The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to fetch other users' data upon a successful login request...
MAL-2022-3014 Malicious code in fetch-xd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50f954028686092185e082e62b12f2ed4971d5786028fa45ef7e77579fe916b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fetch-xd (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 50f954028686092185e082e62b12f2ed4971d5786028fa45ef7e77579fe916b9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3967 Malicious code in isomorphi-cetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e1e43045eadbf99f5d51f8f96699e59c9865577b1351c4fab7b826366b109e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3966 Malicious code in isomorphceftch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89443e6b76432ccff6b8c99525082bc916344a2a69f27d8d5191c326023a27c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in fetch-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ae97c4c34e165dcc455869fbf2da4d3535aff6c425c2add9379cd2b8b9cfe7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3013 Malicious code in fetch-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9ae97c4c34e165dcc455869fbf2da4d3535aff6c425c2add9379cd2b8b9cfe7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10092-1 Rating: important References: 1202075 Cross-References: CVE-2022-2603 CVE-2022-2604 CVE-2022-2605 CVE-2022-2606 CVE-2022-2607 CVE-2022-2608 CVE-2022-2609 CVE-2022-2610 CVE-2022-2611 CVE-2022-2612...
Visual Portfolio < 2.19.0 - Contributor+ CSS Injection
The plugin does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts. The postid is the ID of a saved layout. As a contributor, get a REST nonce via...
CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
DEBIAN-CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
UBUNTU-CVE-2022-2610
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Design/Logic Flaw
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page...