5182 matches found

Positive Technologies
added 2022/09/09 12:0 a.m. · 3 views

PT-2022-17823 · Baxter · Baxter Spectrum Wireless Battery Module

Name of the Vulnerable Software and Affected Versions: Baxter Spectrum Wireless Battery Module (WBM) (affected versions not specified). Description: The issue concerns the storage of network credentials and Protected Health Information (PHI) in unencrypted form, specifically applicable to Spectrum IQ...

CVSS 4.2 · AI score 5.1 · EPSS 0.00052
Exploits: 0 · References: 4

Gentoo Linux
added 2022/09/07 12:0 a.m. · 48 views

OpenJDK: Multiple Vulnerabilities

Background: OpenJDK is an open source implementation of the Java programming language. Description: Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround...

CVSS 7.5 · AI score 2.5 · EPSS 0.05612
Exploits: 0

NVD
added 2022/09/06 6:15 p.m. · 19 views

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

CVSS 7.5 · EPSS 0.00098
Exploits: 0 · References: 6

UbuntuCve
added 2022/09/06 6:15 p.m. · 119 views

CVE-2022-27664

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error...

CVSS 7.5 · AI score 6.8 · EPSS 0.00098
Exploits: 0 · References: 11

BDU FSTEC
added 2022/09/05 12:0 a.m. · 1 views

The vulnerability of the Go programming language’s compress/gzip package, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s compress/gzip package is related to unmanaged recursion. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

CVSS 7.8 · EPSS 0.00055
Exploits: 0 · References: 7 · Affected Software: 7

RedHat Linux
added 2022/09/01 2:21 p.m. · 3 views

mysql: C API unspecified vulnerability (CPU Oct 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.4 · AI score 6.8 · EPSS 0.0014
Exploits: 0 · References: 4

The Hacker News
added 2022/09/01 12:55 p.m. · 27 views

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks

The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-Ju...

AI score 2.1
Exploits: 0

BDU FSTEC
added 2022/08/29 12:0 a.m. · 0 views

A vulnerability in the API of Bitbucket Server and Data Center, a Git-based tool for code deployment, management, and collaboration, allows an attacker to execute arbitrary code.

The vulnerability in the API of Bitbucket Server and Data Center, a Git-based tool for code deployment, management, and collaboration, is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted HTTP...

CVSS 10 · EPSS 0.944
Exploits: 24 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/08/26 12:0 a.m. · 3 views

PT-2022-9174 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman affected versions not specified Description: A flaw was found in the Foreman project, specifically in the Datacenter plugin, which exposes the password through the API to an authenticated local attacker with view hosts permission. Thi...

CVSS 7.8 · AI score 7.3 · EPSS 0.00033
Exploits: 0 · References: 5

OpenVAS
added 2022/08/26 12:0 a.m. · 6 views

Ubuntu: Security Advisory (USN-74-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 3

CNNVD
added 2022/08/25 12:0 a.m. · 1 views

Archer Platform Security Vulnerability

Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.8 through prior to 6.11 P3 (6.11.0.3) that stems from the inclusion of incorrect API access controls in a multi-instance system, which can compromise...

CVSS 6.5 · AI score 5.5 · EPSS 0.00327
Exploits: 0 · References: 3

CNNVD
added 2022/08/24 12:0 a.m. · 1 views

Cisco ACI Multi-Site Orchestrator Security Vulnerability

Cisco ACI Multi-Site Orchestrator is a multi-site orchestrator from Cisco. It provides consistent network and policy orchestration, scalability, and disaster recovery across multiple data centers through a single management platform, while allowing data centers to go wherever the data is. A...

CVSS 8.8 · AI score 5.6 · EPSS 0.00534
Exploits: 0 · References: 4

Kitploit
added 2022/08/18 12:30 p.m. · 23 views

Ropr - A Blazing Fast Multithreaded ROP Gadget Finder. Ropper / Ropgadget Alternative

ropr is a blazing fast multithreaded ROP Gadget finder. What is a ROP Gadget? ROP (Return Oriented Programming) Gadgets are small snippets of a few assembly instructions, typically ending in a ret instruction, which already exist as executable code within each binary or library. These gadgets may be...

AI score 8
Exploits: 0 · References: 1

ATTACKERKB
added 2022/08/16 8:15 a.m. · 1 views

CVE-2022-35734

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

CVSS 7.5 · AI score 6.3 · EPSS 0.0028
Exploits: 0 · References: 2

Positive Technologies
added 2022/08/16 12:0 a.m. · 3 views

PT-2022-22570 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools affected versions not specified Description: A segmentation violation was discovered in SWFTools via the /multiarch/memset-vec-unaligned-erms.S API endpoint. Recommendations: At the moment, there is no information about a newer versi...

CVSS 5.5 · AI score 5.3 · EPSS 0.00047
Exploits: 1 · References: 6

OpenVAS
added 2022/08/11 12:0 a.m. · 19 views

Fedora: Security Advisory for squirrel (FEDORA-2022-e81c0db364)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 10 · AI score 9.6 · EPSS 0.02492
Exploits: 1 · References: 2

OSV
added 2022/08/10 8:15 p.m. · 4 views

AZL-10539 CVE-2022-32189 affecting package golang for versions less than 1.18.5-1

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service...

CVSS 7.5 · AI score 6.7 · EPSS 0.00113
Exploits: 1 · References: 1

OSV
added 2022/08/10 8:15 p.m. · 2 views

AZL-79116 CVE-2022-1705 affecting package golang 1.25.7-1

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

CVSS 6.5 · AI score 6.7 · EPSS 0.00059
Exploits: 1 · References: 1

Fedora
added 2022/08/10 1:28 a.m. · 98 views

[SECURITY] Fedora 35 Update: squirrel-2.2.5-25.fc35

Squirrel is a high level imperative/OO programming language, designed to be a powerful scripting tool that fits in the size, memory bandwidth, and real-time requirements of applications like games...

CVSS 10 · AI score 1.4 · EPSS 0.02698
Exploits: 2

Microsoft CVE
added 2022/08/05 7:0 a.m. · 2 views

Out-of-bounds Write to API in vim/vim

...

CVSS 6.5 · AI score 6.8 · EPSS 0.00126
Exploits: 1