UBUNTU-CVE-2021-45327
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code...
Description of the security update for Office Web Apps Server 2013: February 8, 2022 (KB5002149)
Description of the security update for Office Web Apps Server 2013: February 8, 2022 KB5002149 Summary This security update resolves a Microsoft Excel information disclosure vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-22716...
RUSTSEC-2022-0041 Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64
Impact Affected versions of this crate incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a 32-bit target can be smaller than AtomicI,U64. This can cause the following problems: - Unaligned memory accesses - Data race Crates usin...
The vulnerability of the PIL.ImageMath.eval component in the Python Pillow image processing library, which is related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.
The vulnerability of the PIL.ImageMath.eval function in the Python Pillow library is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the system by sending a specially crafted file to the vulnerable library...
TIBCO Security Advisory: February 15, 2022 - TIBCO AuditSafe - CVE-2022-22770
TIBCO AuditSafe API Authentication vulnerability Original release date: February 15, 2022 Last revised: --- CVE-2022-22770 Source: TIBCO Software Inc. Products Affected TIBCO AuditSafe versions 1.1.0 and below The following component is affected: Web Server Description The component listed above...
Sandbox Bypass
Overview jailed is a small JavaScript library for running untrusted code in a sandbox. Affected versions of this package are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object. PoC js...
What is threat modeling ❓ Definition, Methods, Example
Threat modeling is a method for improving the security of an application, system, or business process by identifying objectives and vulnerabilities, and then implementing countermeasures to prevent or mitigate the effects of threats to the system. Threat modeling supports recognizing the securit...
JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...
Test update for SUSE:SLE-15-SP2:Update (security) (important)
openSUSE Security Update: Test update for SUSE:SLE-15-SP2:Update security Announcement ID: openSUSE-SU-2022:0277-1 Rating: important References: 1194507 Affected Products: openSUSE Leap 15.4 openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This is a...
Prototype Pollution
keyget is vulnerable to prototype pollution. The vulnerability exists in set and push methods of index.js because the validations are not handled properly which allows an attacker to inject properties into existing construct prototypes and modify attributes...
Authentication flaw
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2 even without server authentication...
Big Mother is watching: What parents REALLY think about tracking their kids
Every year on Data Privacy Day, we’re greeted with countless arguments about the absolute merits of data privacy (protections good, invasions bad), but we rarely see a faithful, factual accounting for the biggest data privacy conundrum facing billions of people every single day: Should parents inva...
Foxit PDF Reader and Foxit PDF Editor buffer error vulnerability
Foxit PDF Reader is a PDF reader. Foxit PDF Reader has a buffer overflow vulnerability in some JavaScript methods, which can be exploited by a remote attacker who submits a specially crafted file and tricks the user into parsing it, which can crash the application or execute arbitrary code in the...
Exposed Dangerous Method or Function
Overview guake is the Guake Terminal. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function due to the exposure of the executecommand and executecommandbyuuid methods via the D-Bus interface, which makes it possible for a malicious user to run an arbitrary command via...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2022:0182-1 Rating: important References: 1194019 Cross-References: CVE-2019-8766 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803...
SSON not working with Microsoft Edge, Google Chrome and Firefox. Message "No logon methods are available on this platform" is seen.
After logging on to Chrome, Edge or Firefox this message is seen: "No logon methods are available on this platform". After browsing to the StoreFront URL a screen appears asking to detect whether Citrix Workspace App is installed. Then this screen is seen...
CVE-2022-23106
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...
Security update for python39-pip (moderate)
openSUSE Security Update: Security update for python39-pip Announcement ID: openSUSE-SU-2022:0064-1 Rating: moderate References: 1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 SUSE: 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: openSUSE Leap 15.3 An updat...
The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?
Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...