5182 matches found

AlpineLinux
added 2022/12/08 3:3 a.m. · 52 views

CVE-2022-23476

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being parsed. Fo...

CVSS 7.5 · AI score 7.5 · EPSS 0.00271
Exploits: 0

AlmaLinux
added 2022/12/06 12:0 a.m. · 45 views

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.12.1. BZ2142809, BZ2142830, BZ2142834, BZ2142856 Security Fixes: nodejs-minimatch...

CVSS 8.1 · AI score 8.2 · EPSS 0.00565
Exploits: 0 · References: 6

Malwarebytes
added 2022/12/04 10:30 p.m. · 18 views

Android is slowly mastering memory management vulnerabilities

Recently we wrote about why the NSA wants you to shift to memory safe programming languages. The short version is: If you ever read our posts describing security vulnerabilities, you will see a lot of phrases like "buffer overflow", "failure to release memory", "use after free", "memory...

Exploits: 0

HackRead
added 2022/12/02 6:31 p.m. · 16 views

8 Reasons Why Enterprises Use Java

By Owais Sultan. Java is one of the most well-known programming languages and software platforms that is used on countless devices… This is a post from HackRead.com. Read the original post: 8 Reasons Why Enterprises Use Java...

AI score 2.4
Exploits: 0

OSV
added 2022/12/01 6:15 p.m. · 2 views

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

CVSS 2.7 · AI score 5.8
Exploits: 0 · References: 1

Fedora
added 2022/12/01 1:38 a.m. · 30 views

[SECURITY] Fedora 35 Update: python3.10-3.10.8-3.fc35

Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 7.8 · AI score 2.1 · EPSS 0.00035
Exploits: 0

CNNVD
added 2022/12/01 12:0 a.m. · 4 views

Sophos Firewall SQL injection vulnerability

Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows an API client to read the contents of its user's configuration database via SQL injection...

CVSS 4.3 · AI score 5.4 · EPSS 0.00462
Exploits: 0 · References: 3

CNNVD
added 2022/12/01 12:0 a.m. · 1 views

Sophos Firewall SQL injection vulnerability

Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows API clients to read the contents of the configuration database in their API controller via SQL injection...

CVSS 2.7 · AI score 5.2 · EPSS 0.00353
Exploits: 0 · References: 3

CNNVD
added 2022/11/30 12:0 a.m. · 1 views

Open-Xchange OX App Suite resource management error vulnerability

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and prior versions, which stems from insufficiently checking the size of request parameters for certain API endpoints...

CVSS 5.3 · AI score 5.7 · EPSS 0.00859
Exploits: 2 · References: 5

Positive Technologies
added 2022/11/25 12:0 a.m. · 2 views

PT-2022-27445 · Unknown · Book Store Management System

Name of the Vulnerable Software and Affected Versions: Book Store Management System version 1.0. Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book...

CVSS 6.1 · AI score 6.1 · EPSS 0.00356
Exploits: 0 · References: 5

BDU FSTEC
added 2022/11/25 12:0 a.m. · 0 views

The vulnerability of the programming interface of Windows CryptoAPI on Windows operating systems, which allows attackers to perform spoofing attacks

The vulnerability of the Windows CryptoAPI programming interface in Windows operating systems relates to the ability to bypass authentication through spoofing. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

CVSS 7.8 · EPSS 0.12097
Exploits: 0 · References: 3

OSV
added 2022/11/23 7:15 a.m. · 1 views

CVE-2022-4045

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple requests to one of the API endpoints which could fetch a large amount of data...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

Fedora
added 2022/11/23 1:18 a.m. · 9 views

[SECURITY] Fedora 37 Update: elixir-1.14.2-1.fc37

Elixir is a programming language built on top of the Erlang VM. As Erlang, it is a functional language built to support distributed, fault-tolerant, non-stop applications with hot code swapping...

AI score 1.1
Exploits: 0

CNNVD
added 2022/11/23 12:0 a.m. · 2 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from a denial-of-service vulnerability that allows authenticated users to crash the server with multiple requests to the API endpoint, which could potentially...

CVSS 6.5 · AI score 6.4 · EPSS 0.00451
Exploits: 0 · References: 2

CNNVD
added 2022/11/23 12:0 a.m. · 1 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost Playbooks suffers from a security vulnerability that stems from a denial-of-service vulnerability that allows an authenticated user to crash the server with multiple large requests to the...

CVSS 6.5 · AI score 6.5 · EPSS 0.0053
Exploits: 0 · References: 3

CNNVD
added 2022/11/23 12:0 a.m. · 3 views

FileCloud security vulnerability

FileCloud is an ultra-secure content collaboration platform from US-based FileCloud, Inc. offering industry-leading compliance, data governance, data leakage protection, data retention and digital rights management capabilities. A security vulnerability exists in FileCloud version 20.2 and later...

CVSS 7.2 · AI score 7.4 · EPSS 0.09547
Exploits: 1 · References: 3

OpenVAS
added 2022/11/22 12:0 a.m. · 12 views

Fedora: Security Advisory for python3.10 (FEDORA-2022-462f39dd2f)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.8 · AI score 7.9 · EPSS 0.00035
Exploits: 0 · References: 2

Debian
added 2022/11/17 9:42 p.m. · 43 views

[SECURITY] [DSA 5285-1] asterisk security update

Debian Security Advisory DSA-5285-1 · https://www.debian.org/security/ · Markus Koschany · November 17, 2022 · https://www.debian.org/security/faq -...

CVSS 9.8 · AI score 9.6 · EPSS 0.01612
Exploits: 2

Vulnrichment
added 2022/11/17 12:0 a.m. · 6 views

CVE-2022-41920 Zip slip in Lancet

Lancet is a general utility library for the Go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...

CVSS 6.3 · AI score 7 · EPSS 0.00874
Exploits: 1 · References: 4

Positive Technologies
added 2022/11/17 12:0 a.m. · 3 views

PT-2022-26769 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr Open Source ERP & CRM for Business versions prior to 14.0.1. Description: The issue allows attackers to escalate privileges via a crafted API. Recommendations: For versions prior to 14.0.1, update to version 14.0.1 or later to resolve...

CVSS 9.8 · AI score 7.4 · EPSS 0.00324
Exploits: 1 · References: 11