Lucene search

3383 matches found

Cvelist
added 2022/09/14 5:12 a.m. · 28 views

CVE-2022-40673

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache...

AI score: 7.9 · EPSS: 0.00345
Exploits: 1 · References: 5

Microsoft KB
added 2022/09/13 7:00 a.m. · 75 views

Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002159)

Description of the security update for SharePoint Foundation 2013: September 13, 2022 KB5002159 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

CVSS: 8.8 · AI score: 9.4 · EPSS: 0.01511
Exploits: 0

CNNVD
added 2022/09/13 12:00 a.m. · 4 views

Genymotion Desktop Code Issue Vulnerability

Genymotion Desktop is an Android emulator from Genymotion. A security vulnerability exists in Genymotion Desktop version 3.2.1, which stems from a missing profapi.dll, and can be exploited by an attacker to use a malicious dll with the same name and gain administrator privileges, as well as execu...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.00223
Exploits: 0 · References: 2

Tenable Nessus
added 2022/09/13 12:00 a.m. · 48 views

CentOS 8 : ruby:3.0 (CESA-2022:6450)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:6450 advisory. - ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 - ruby: Cookie prefix spoofing in CGI::Cookie.parse...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.0387
Exploits: 2 · References: 5

Tenable Nessus
added 2022/09/13 12:00 a.m. · 267 views

RHEL 8 : ruby:3.0 (RHSA-2022:6450)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6450 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVSS: 9.8 · AI score: 7.3 · EPSS: 0.0387
Exploits: 2 · References: 13

CNVD
added 2022/09/06 12:00 a.m. · 28 views

PrestaShop Cross-Site Scripting Vulnerability (CNVD-2022-62230)

PrestaShop is an open source e-commerce solution from PrestaShop Inc. The solution provides a variety of payment methods, short message alerts, product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop module versions prior to 5.0.2; the vulnerability stems from t...

CVSS: 6.1 · AI score: 1.4 · EPSS: 0.00432
Exploits: 0 · References: 1

OPENSUSE Linux
added 2022/08/29 12:00 a.m. · 37 views

Security update for opera (important)

openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2022:10109-1 Rating: important References: Cross-References: CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 Affected...

CVSS: 8.8 · AI score: 7 · EPSS: 0.04493
Exploits: 1

The Hacker News
added 2022/08/24 3:36 p.m. · 27 views

Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs

A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr...

AI score: 0.8
Exploits: 0

Positive Technologies
added 2022/08/22 12:00 a.m. · 2 views

PT-2022-37209 · Apache · Apache Commons Jxpath

Name of the Vulnerable Software and Affected Versions: Apache Commons JXPath affected versions not specified Description: A security exception crash has been reported in Apache Commons JXPath. The crash occurs in the org.apache.commons.jxpath.ri.axes package, specifically in the...

AI score: 7
Exploits: 0 · References: 2

Tenable Nessus
added 2022/08/20 12:00 a.m. · 82 views

SUSE SLES15 Security Update : podman (SUSE-SU-2022:2839-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2839-1 advisory. - A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry...

CVSS: 8.8 · AI score: 7.2 · EPSS: 0.05994
Exploits: 2 · References: 10

Positive Technologies
added 2022/08/19 12:00 a.m. · 2 views

PT-2022-37197 · Git +1 · Jackson-Modules-Java8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, with details including a crash type and crash state. The crash state involves methods such as fuzzerTestOneInput...

AI score: 7.1
Exploits: 0 · References: 2

Prion
added 2022/08/12 11:15 p.m. · 37 views

SQL injection

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

CVSS: 7.5 · AI score: 9.8 · EPSS: 0.00547
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/08/12 10:25 p.m. · 41 views

CVE-2022-35942 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data...

CVSS: 9.3 · AI score: 9.2 · EPSS: 0.00547
Exploits: 0 · References: 4

CVE
added 2022/08/12 10:25 p.m. · 129 views

CVE-2022-35942

The CVE-2022-35942 issue affects loopback-connector-postgresql (LoopBack) where improper input validation of the contains filter allows SQL injection when interpreted by the PostgreSQL connector. A patch was released in loopback-connector-postgresql v5.5.1 to fix this. Impacts include cases where...

CVSS: 10 · AI score: 9.8 · EPSS: 0.00547
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/08/11 9:13 p.m. · 29 views

GHSA-J259-6C58-9M58 loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

CVSS: 9.3 · AI score: 9.6 · EPSS: 0.00547
Exploits: 0 · References: 4

GitHub Security Blog
added 2022/08/11 9:13 p.m. · 38 views

loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

CVSS: 10 · AI score: 9.3 · EPSS: 0.00547
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/08/10 5:26 p.m. · 3 views

GHSA-9QXH-258V-666C owning_ref vulnerable to multiple soundness issues

- OwningRef::map_with_owner is unsound and may result in a use-after-free. - OwningRef::map is unsound and may result in a use-after-free. - OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free. - The crate violates Rust's aliasing rules, which may cause...

AI score: 5.8
Exploits: 0 · References: 3

Microsoft KB
added 2022/08/09 7:00 a.m. · 89 views

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 11, 2022 (KB5019077)

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 11, 2022 KB5019077 This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures CVE:...

CVSS: 8 · AI score: 7.7 · EPSS: 0.01971
Exploits: 0

ICS
added 2022/08/09 12:00 a.m. · 93 views

Emerson ControlWave

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ControlWave Vulnerabilities: Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL,” that details vulnerabilities found in multiple...

CVSS: 7.8 · AI score: 8 · EPSS: 0.00149
Exploits: 0 · References: 5

Filippo.io
added 2022/08/04 2:52 p.m. · 31 views

A Wide Reduction Trick

In line with the original spirit of Cryptography Dispatches, this is a quick issue to talk about a neat bit of cryptography engineering I encountered. The structure of an ECC implementation: Elliptic curve cryptography implementations all roughly share the following structure: there's a base field...

AI score: 6.7
Exploits: 0