3370 matches found

Positive Technologies
added 2022/02/15 12:00 a.m., 3 views

PT-2022-4597

Name of the Vulnerable Software and Affected Versions: client golang versions prior to 1.11.1. Description: The HTTP server in client golang is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. To...

CVSS 7.8 | AI score 8.4 | EPSS 0.05994
Exploits 0 | References 468
Vulnrichment
added 2022/02/15 12:00 a.m., 6 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 9.3 | EPSS 0.05994
Exploits 0 | References 22
Cvelist
added 2022/02/15 12:00 a.m., 28 views

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 8.9 | EPSS 0.05994
Exploits 0 | References 22
AlpineLinux
added 2022/02/15 12:00 a.m., 35 views

CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5 | AI score 9.7 | EPSS 0.05994
Exploits 0
Malwarebytes
added 2022/02/13 9:29 p.m., 25 views

Twitter cans 2FA service provider over surveillance claims

Twitter is transitioning away from its two-factor authentication (2FA) provider, Mitto AG, a Swiss communications company. The social media giant broke the news to US Senator Ron Wyden of Oregon. It is noted that Twitter's decision to move away from Mitto AG came after allegations that its...

AI score 7.6
Exploits 0
OpenVAS
added 2022/02/11 12:00 a.m., 14 views

gitea < 1.11.2 RCE Vulnerability

Gitea is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...

CVSS 9.8 | AI score 9.9 | EPSS 0.0206
Exploits 0 | References 2
The Hacker News
added 2022/02/09 1:53 p.m., 29 views

U.S. Arrests Two and Seizes $3.6 Billion Cryptocurrency Stolen in 2016 Bitfinex Hack

The U.S. Justice Department (DoJ) on Tuesday announced the arrest of a married couple in connection with conspiring to launder cryptocurrency worth $4.5 billion that was siphoned during the hack of the virtual currency exchange Bitfinex in 2016. Ilya Lichtenstein, 34, and his wife, Heather Morgan,...

AI score 7.3
Exploits 0
Veracode
added 2022/02/09 10:37 a.m., 23 views

Remote Code Execution (RCE)

github.com/go-gitea/gitea is vulnerable to remote code execution. The vulnerability exists because of the reliance on the protection mechanism of HTTP permission methods, allowing an attacker to bypass intended access restrictions and to perform malicious operations remotely...

CVSS 9.8 | AI score 3.5 | EPSS 0.0206
Exploits 0 | References 5 | Affected Software 2
Github Security Blog
added 2022/02/09 12:33 a.m., 41 views

Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

CVSS 6.8 | AI score 3.1 | EPSS 0.01814
Exploits 1 | References 7 | Affected Software 1
OSV
added 2022/02/09 12:00 a.m., 18 views

GHSA-JRPG-35HW-M4P9 Capture-replay in Gitea

Gitea is a project to help users set up a self-hosted Git service. Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. This could allow a remote malicious user to execute arbitrary code...

CVSS 9.8 | AI score 9.6 | EPSS 0.0206
Exploits 0 | References 9
NVD
added 2022/02/08 3:15 p.m., 9 views

CVE-2021-45327

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code...

CVSS 9.8 | EPSS 0.0206
Exploits 0 | References 4
Prion
added 2022/02/08 3:15 p.m., 8 views

Code injection

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code...

CVSS 7.5 | AI score 9.7 | EPSS 0.0206
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/02/08 3:15 p.m., 3 views

UBUNTU-CVE-2021-45327

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.0206
Exploits 0 | References 6
Microsoft KB
added 2022/02/08 8:00 a.m., 28 views

Description of the security update for Office Web Apps Server 2013: February 8, 2022 (KB5002149)

Summary: This security update resolves a Microsoft Excel information disclosure vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-22716...

CVSS 5.5 | AI score 6.5 | EPSS 0.04323
Exploits 0
OSV
added 2022/02/05 12:00 p.m., 17 views

RUSTSEC-2022-0041 Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64

Impact: Affected versions of this crate incorrectly assumed that the alignment of i,u64 was always the same as AtomicI,U64. However, the alignment of i,u64 on a 32-bit target can be smaller than AtomicI,U64. This can cause the following problems: unaligned memory accesses; data races. Crates usin...

CVSS 8.1 | AI score 7.9 | EPSS 0.01214
Exploits 1 | References 3
BDU FSTEC
added 2022/02/04 12:00 a.m., 2 views

The vulnerability of the PIL.ImageMath.eval component in the Python Pillow image processing library, which is related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.

The vulnerability of the PIL.ImageMath.eval function in the Python Pillow library is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the system by sending a specially crafted file to the vulnerable library...

CVSS 10 | AI score 7.2 | EPSS 0.03399
Exploits 0 | References 12 | Affected Software 6
Tibco
added 2022/02/02 9:40 p.m., 15 views

TIBCO Security Advisory: February 15, 2022 - TIBCO AuditSafe - 2022-22770

TIBCO AuditSafe API Authentication vulnerability. Original release date: February 15, 2022. Last revised: ---. CVE-2022-22770. Source: TIBCO Software Inc. Products Affected: TIBCO AuditSafe versions 1.1.0 and below. The following component is affected: Web Server. Description: The component listed above...

CVSS 9 | AI score 7.7 | EPSS 0.01128
Exploits 0 | Affected Software 1
Snyk
added 2022/02/02 1:41 p.m., 1 view

Sandbox Bypass

Overview: jailed is a small JavaScript library for running untrusted code in a sandbox. Affected versions of this package are vulnerable to Sandbox Bypass via an exported alert method which can access the main application. Exported methods are stored in the application.remote object. PoC js...

CVSS 9.8 | AI score 7.6 | EPSS 0.01248
Exploits 1 | References 2
Ivan 'd0znpp' Novikov
added 2022/02/02 6:01 a.m., 39 views

What is threat modeling? Definition, Methods, Example

Threat modeling is a method for improving the security of an application, system, or business process by identifying objectives and weaknesses, and by implementing countermeasures to prevent or mitigate the effects of threats to the system. Threat modeling supports identifying the securit...

AI score 7.4
Exploits 0
RedHat Linux
added 2022/02/01 3:14 p.m., 3 views

JDK: IllegalAccessError exception not thrown for MethodHandles that invoke inaccessible interface methods

In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...

CVSS 9.8 | AI score 6.2 | EPSS 0.01696
Exploits 0 | References 4