
1013 matches found

Prion
added 2022/11/01 8:15 p.m. · 15 views

Design/Logic Flaw

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user in a privileged network position may be able to intercept mail credentials...

CVSS 2.1 · AI score 5.3 · EPSS 0.00257
Exploits 0 · References 3 · Affected Software 3
The Coalfire Blog
added 2022/10/17 9:55 p.m. · 17 views

Spotlight: Women of Coalfire part 3

In this spotlight series, we are recognizing some of the women at Coalfire who have shattered glass ceilings and forged their own paths despite the obstacles they faced. Karen Laughton and Michi Everett are two of these women. Karen was the first female to hold an executive position in delivery a...

AI score 1.5
Exploits 0
OSV
added 2022/10/14 7:15 a.m. · 2 views

CVE-2022-3497

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...

CVSS 5.4 · AI score 3.8
Exploits 0 · References 1
Prion
added 2022/10/14 7:15 a.m. · 12 views

Cross site scripting

A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to laun...

CVSS 4.9 · AI score 5.3 · EPSS 0.00224
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/10/14 12:0 a.m. · 1 views

PT-2022-22465 · Sourcecodester · Sourcecodester Human Resource Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management System version 1.0 Description: A vulnerability was found in the Master List component, where the manipulation of the city, state, country, or position argument leads to cross-site scripting. This issu...

CVSS 5.4 · AI score 5 · EPSS 0.00224
Exploits 0 · References 2
CNNVD
added 2022/10/14 12:0 a.m. · 2 views

Human Resource Management System Cross-Site Scripting Vulnerability

Human Resource Management System is a human resource management system by maverickosama Personal Developer. A cross-site scripting vulnerability exists in Human Resource Management System version 1.0, which is caused by incorrect manipulation of the parameters city/state/country/position...

CVSS 5.4 · AI score 5.3 · EPSS 0.00224
Exploits 0 · References 3
Prion
added 2022/09/23 7:15 p.m. · 14 views

Design/Logic Flaw

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...

CVSS 2.6 · AI score 5.9 · EPSS 0.00281
Exploits 0 · References 2 · Affected Software 2
CVE
added 2022/09/23 6:59 p.m. · 76 views

CVE-2022-32799

CVE-2022-32799 is an out-of-bounds read issue in macOS components that was fixed by Apple in Security Update 2022-005 for Catalina and in macOS Monterey 12.5. The public description notes that a user in a privileged network position could leak sensitive information, with the remediation being the...

CVSS 5.9 · AI score 5.8 · EPSS 0.00281
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2022/09/23 6:59 p.m. · 17 views

CVE-2022-32799

An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...

AI score 6.2 · EPSS 0.00281
Exploits 0 · References 2
Cvelist
added 2022/09/21 6:57 a.m. · 20 views

CVE-2022-41220

md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input...

AI score 9.9 · EPSS 0.12627
Exploits 2 · References 1
OpenVAS
added 2022/09/06 12:0 a.m. · 17 views

Mozilla Thunderbird Security Advisory (MFSA2022-32) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 8.8 · AI score 7.6 · EPSS 0.0026
Exploits 0 · References 1
OpenVAS
added 2022/09/06 12:0 a.m. · 19 views

Mozilla Thunderbird Security Advisory (MFSA2022-31) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 7.5 · AI score 7.6 · EPSS 0.00207
Exploits 0 · References 1
OSV
added 2022/08/25 9:21 p.m. · 5 views

MGASA-2022-0300 Updated thunderbird packages fix security vulnerability

Mouse Position spoofing with CSS transforms. CVE-2022-36319 Directory indexes for bundled resources reflected URL parameters. CVE-2022-36318...

CVSS 7.5 · AI score 6.8 · EPSS 0.00207
Exploits 0 · References 5
Cvelist
added 2022/08/24 7:48 p.m. · 16 views

CVE-2022-32857

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s...

AI score 5.8 · EPSS 0.00079
Exploits 0 · References 6
Code423n4
added 2022/08/17 12:0 a.m. · 7 views

Approved Borrower can walk away with collateral in leveraged borrowed Position

Lines of code Vulnerability details Impact When an approved borrower calls leveragedPosition , their userBorrowShares and userCollateralBalance values are updated. The borrow will be able to walk away with collateral balance by adding more collateral to pass the isSolvent check and remove all the...

AI score 6.7
Exploits 0
Code423n4
added 2022/08/17 12:0 a.m. · 11 views

Not calling approve(0) before setting a new approval might cause reverts when used with Tether (USDT)

Lines of code Vulnerability details Impact Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's approve function will revert if the current approval is not zero, to protect against front-running changes o...

AI score 7
Exploits 0
0day.today
added 2022/08/16 12:0 a.m. · 372 views

TypeORM 0.3.7 Information Disclosure Vulnerability

I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...

CVSS 9.8 · AI score 9.7 · EPSS 0.05298
Exploits 6
OSV
added 2022/08/10 11:30 a.m. · 5 views

SUSE-SU-2022:2748-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.12 changed: Support for Google Talk chat accounts removed fixed: OpenPGP signatures were broken when 'Primary Password' dialog remained open fixed: Various security fixes - Security fixes MFSA 2022-31...

CVSS 7.5 · AI score 7 · EPSS 0.00207
Exploits 0 · References 4
Cent OS
added 2022/08/04 7:7 p.m. · 46 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2022:5773 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 8.8 · AI score 6.7 · EPSS 0.0026
Exploits 0 · References 7
Cent OS
added 2022/08/04 7:6 p.m. · 42 views

firefox security update

CentOS Errata and Security Advisory CESA-2022:5776 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 8.8 · AI score 6.7 · EPSS 0.0026
Exploits 0 · References 7