1002 matches found

NVD
added 2021/07/05 11:15 p.m. · 9 views

CVE-2021-36158

In the xrdp package in branches through 3.14 for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used...

CVSS 5.9 · EPSS 0.00069
Exploits 0 · References 1

OSV
added 2021/07/05 11:15 p.m. · 8 views

CVE-2021-36158

In the xrdp package in branches through 3.14 for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used...

CVSS 5.9 · AI score 6.7
Exploits 0 · References 1

UbuntuCve
added 2021/07/05 11:15 p.m. · 26 views

CVE-2021-36158

In the xrdp package in branches through 3.14 for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used...

CVSS 5.9 · AI score 6.2 · EPSS 0.00069
Exploits 0 · References 2

AlpineLinux
added 2021/07/05 10:36 p.m. · 33 views

CVE-2021-36158

In the xrdp package in branches through 3.14 for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used...

CVSS 5.9 · AI score 5.7 · EPSS 0.00069
Exploits 0

CNNVD
added 2021/07/05 12:0 a.m. · 3 views

Alpine Linux security vulnerability

Alpine Linux is a lightweight Linux distribution for security applications. A security vulnerability exists in Alpine Linux xrdp version 3.14, which stems from the program's use of pre-generated RSA certificates and private keys, making the session vulnerable to man-in-the-middle attacks...

CVSS 5.9 · AI score 5.9 · EPSS 0.00069
Exploits 0 · References 1

OSV
added 2021/07/01 5:2 p.m. · 12 views

GHSA-PHJ8-4CQ3-794G Unencrypted storage of client side sessions

Impact The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...

CVSS 6.5 · AI score 7.2 · EPSS 0.00072
Exploits 0 · References 4

Github Security Blog
added 2021/07/01 5:2 p.m. · 70 views

Unencrypted storage of client side sessions

Impact The default configuration of client side sessions results in unencrypted, but signed, data being set as cookie values. This means that if something sensitive goes into the session, it could be read by something with access to the cookies. Note: the documentation does point this out and...

CVSS 7.5 · AI score 0.7 · EPSS 0.00072
Exploits 0 · References 4 · Affected Software 1

The Hacker News
added 2021/06/30 7:10 a.m. · 78 views

GitHub Launches 'Copilot' — AI-Powered Code Completion Tool

GitHub on Tuesday launched a technical preview of a new AI-powered pair programming tool that aims to help software developers write better code across a variety of programming languages, including Python, JavaScript, TypeScript, Ruby, and Go. Copilot, as the code synthesizer is called, has been...

AI score 7.3
Exploits 0

Veracode
added 2021/05/11 7:28 a.m. · 17 views

Insecure Temporary File And Folder

openapi-generator-online uses insecure temporary file and folder. The usage of Files.createTempFile to create temporary files and folders allows auto-generated files to be read and modified by any user on the system...

CVSS 9.3 · AI score 2.7 · EPSS 0.0005
Exploits 1 · References 2 · Affected Software 1

NVD
added 2021/05/10 8:15 p.m. · 14 views

CVE-2021-21430

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...

CVSS 6.2 · EPSS 0.00068
Exploits 1 · References 3

CVE
added 2021/05/10 7:25 p.m. · 106 views

CVE-2021-21430

OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...

CVSS 6.2 · AI score 5.7 · EPSS 0.00068
Exploits 1 · References 3 · Affected Software 1

Malwarebytes
added 2021/04/26 11:35 a.m. · 192 views

11-13 year old girls most likely to be targeted by online predators

The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is "to eliminate child sexual abuse imagery online", has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of th...

AI score 7
Exploits 0

NVD
added 2021/03/11 3:15 a.m. · 9 views

CVE-2021-21364

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...

CVSS 5.5 · EPSS 0.00067
Exploits 0 · References 2

OSV
added 2021/03/11 3:9 a.m. · 0 views

GHSA-HPV8-9RQ5-HQ7W Generated Code Contains Local Information Disclosure Vulnerability

Impact This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

CVSS 6.2 · AI score 6.7 · EPSS 0.00067
Exploits 0 · References 3

Positive Technologies
added 2021/03/11 12:0 a.m. · 2 views

PT-2021-14446 · Oracle · Jdk

Name of the Vulnerable Software and Affected Versions: swagger-codegen versions prior to 2.4.19 Description: The issue affects generated code, which remains vulnerable until manually fixed. On Unix-Like systems, the system temporary directory is shared between all local users. When...

CVSS 6.2 · AI score 5.8 · EPSS 0.00067
Exploits 0 · References 8

Prion
added 2021/02/08 10:15 p.m. · 12 views

Code injection

Marked is an open-source markdown parser and compiler (npm package "marked"). In marked from version 1.1.1 and before version 2.0.0, there is a Regular expression Denial of Service vulnerability. This vulnerability can affect anyone who runs user generated code through marked. This vulnerability is...

CVSS 5 · AI score 7.5 · EPSS 0.00603
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2021/02/08 9:17 p.m. · 67 views

Regular Expression Denial of Service (REDoS) in Marked

Impact What kind of vulnerability is it? Who is impacted? Regular expression Denial of Service A Denial of Service attack can affect anyone who runs user generated code through marked. Patches Has the problem been patched? What versions should users upgrade to? patched in v2.0.0 Workarounds Is...

CVSS 7.5 · AI score 2.2 · EPSS 0.00603
Exploits 0 · References 7 · Affected Software 1

RedHat Linux
added 2021/01/14 1:40 p.m. · 3 views

golang: malicious symbol names can lead to code execution at build time

An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...

CVSS 7.5 · AI score 7.6 · EPSS 0.00167
Exploits 0 · References 5

Hacker One
added 2020/12/23 6:42 p.m. · 145 views

GitHub Security Lab: 3,880 Pull Requests Generated to fix JHipster RNG Vulnerability CVE-2019-16303

This bug was reported directly to GitHub Security Lab...

CVSS 7.5 · AI score 1.1 · EPSS 0.01904
Exploits 1

RedHat Linux
added 2020/12/15 5:12 p.m. · 4 views

golang: malicious symbol names can lead to code execution at build time

An input validation vulnerability was found in Go. From a generated go file from the cgo tool, it is possible to modify symbols within that object file and specify code. This flaw allows an attacker to create a repository that includes malicious pre-built object files that could execute arbitrary...

CVSS 7.5 · AI score 7.6 · EPSS 0.00167
Exploits 0 · References 5