1227 matches found

OSV
added 2022/12/22 8:15 p.m., 1 view

DEBIAN-CVE-2022-46871

An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox 108...

CVSS 8.8, AI score 8.4, EPSS 0.00786
Exploits: 0, References: 1

Vulnrichment
added 2022/12/22 12:0 a.m., 6 views

CVE-2022-46871

An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox 108...

AI score 6.7, EPSS 0.00786
Exploits: 0, References: 8

Tenable Nessus
added 2022/12/22 12:0 a.m., 9 views

Fedora 35 : drupal7-link (2022-74fe01686a)

The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-74fe01686a advisory. - https://www.drupal.org/project/link/releases/7.x-1.11 - SA-CONTRIB-2022-034 - https://www.drupal.org/project/link/releases/7.x-1.10 -...

AI score 5.6
Exploits: 0, References: 1

Tenable Nessus
added 2022/12/13 12:0 a.m., 71 views

Mozilla Firefox ESR < 102.6

The version of Firefox ESR installed on the remote Windows host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. CVE-2022-46882 - A missing...

CVSS 9.8, AI score 8.2, EPSS 0.00431
Exploits: 0, References: 8

Tenable Nessus
added 2022/12/13 12:0 a.m., 55 views

Google Chrome < 108.0.5359.124 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 108.0.5359.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 202212stable-channel-update-for-desktop13 advisory. - Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allow...

CVSS 8.8, AI score 8.3, EPSS 0.00315
Exploits: 0, References: 11

CNNVD
added 2022/12/13 12:0 a.m., 0 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security vulnerability that stems from the use of the outdated library libusrsctp...

CVSS 8.8, AI score 8.6, EPSS 0.00786
Exploits: 0, References: 22

Tenable Nessus
added 2022/12/13 12:0 a.m., 49 views

Mozilla Firefox < 108.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. - Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla...

CVSS 8.8, AI score 8.4, EPSS 0.00902
Exploits: 0, References: 9

Positive Technologies
added 2022/11/30 12:0 a.m., 2 views

PT-2022-24153 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Software versions 9.2.1.0 and below Aruba EdgeConnect Enterprise Software versions 9.1.3.0 and below Aruba EdgeConnect Enterprise Software versions 9.0.7.0 and below Aruba EdgeConnect Enterprise Software versions...

CVSS 7.2, AI score 7.2, EPSS 0.0057
Exploits: 0, References: 2

Veracode
added 2022/11/23 10:37 a.m., 19 views

Cross-Site Scripting (XSS)

silverstripe/admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in vendor.js due to an outdated jQuery, which allows an attacker to inject and execute arbitrary JavaScript using a specially crafted proto query string parameter...

CVSS 5.4, AI score 5.5, EPSS 0.00322
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2022/11/21 11:57 p.m., 17 views

GHSA-44XV-V98G-V79F URL XSS vulnerability due to outdated jquery in CMS

Silverstripe silverstripe/framework through 4.11 allows XSS issue 2 of 3...

CVSS 5.4, AI score 5.2, EPSS 0.00322
Exploits: 0, References: 6

OSV
added 2022/11/12 5:15 a.m., 1 view

CVE-2022-38652

A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent...

CVSS 9.9, AI score 6
Exploits: 0, References: 1

Tenable Nessus
added 2022/11/07 12:0 a.m., 33 views

Oracle Linux 8 : ol8addon (ELSA-2022-23681)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-23681 advisory. golang 1.17.13-1.0.1 - Update tarball to 1.17.12 - Add patches between Go 1.17.12 and Go 1.17.13 - Reviewed-by: David Faust 1.17.12-1 - Update Go to...

CVSS 7.5, AI score 7.2, EPSS 0.00155
Exploits: 4, References: 11

Hacker One
added 2022/10/20 11:30 a.m., 15 views

Adobe: HTML INJECTION on https://adobedocs.github.io/JourneyAPI/ due to outdated SWAGGER UI

Vulnerability description not provided...

AI score 7.1
Exploits: 0

Positive Technologies
added 2022/10/19 12:0 a.m., 1 view

PT-2022-21760 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a6 Description: The issue concerns a missing authentication for a critical function in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.0a6, update to version 2.5.0a6 or later ...

CVSS 9.8, AI score 5.1, EPSS 0.0033
Exploits: 0, References: 11

Hacker One
added 2022/10/16 5:7 a.m., 41 views

Adobe: HTML INJECTION FOUND ON https://adobedocs.github.io/analytics-1.4-apis/swagger-docs.html DUE TO OUTDATED SWAGGER UI

Responsible disclosure of HTML injection. Swagger UI has an interesting feature that allows you to provide a URL to API specification - a yaml or json file that will be fetched and displayed to the user. To do that you have to add a query parameter ?url=https://yourapispec/spec.yaml or...

AI score 1.1
Exploits: 0

NCSC
added 2022/10/06 12:0 a.m., 2 views

Vulnerabilities fixed in Cisco TelePresence

Cisco has fixed vulnerabilities in Telepresence Video Communication Server and Touch10 systems. A malicious party could exploit the vulnerabilities in the Telepresence VCS exploited to gain access to sensitive information through cause a Cross-Site-Request-Forgery or a Denial-of-Service. cause...

CVSS 7.4, AI score 6.8, EPSS 0.00616
Exploits: 0

The Hacker News
added 2022/09/26 10:30 a.m., 34 views

5 Network Security Threats And How To Protect Yourself

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the...

AI score 0.7
Exploits: 0

Code423n4
added 2022/09/23 12:0 a.m., 10 views

Outdated Claims can be created which will potentially inflate the vested amounts

Lines of code Vulnerability details Overview In creating claims, the VTVLVesting contract uses various time related variables including startTimestamp and endTimestamp which determines when the linear vesting starts and ends consecutively. This is visible in the createClaim , createClaimsBatch an...

AI score 6.9
Exploits: 0

OSV
added 2022/09/16 5:18 p.m., 10 views

GHSA-RC23-XXGQ-X27G wee_alloc is Unmaintained

Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years a...

AI score 7.3
Exploits: 0, References: 3

NVD
added 2022/09/15 12:15 p.m., 12 views

CVE-2022-38788

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and after offline cracking retrieve the PIN and LTK long-term key...

CVSS 4.3, EPSS 0.00075
Exploits: 1, References: 2