2292 matches found

OSV · added 2022/05/24 5:29 p.m. · 2 views

GHSA-2F58-VF6G-6P8X MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc insecurely uses message text to build option names for an HTML multi-select field. The relevant code should use escaped() instead of text()...

CVSS 6.1 · AI score 6.4 · EPSS 0.00387 · Exploits 0 · References 8
Github Security Blog · added 2022/05/24 4:52 p.m. · 17 views

Backpack\CRUD for Laravel XSS Vulnerability

The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...

CVSS 6.1 · AI score 6.3 · EPSS 0.00302 · Exploits 1 · References 6 · Affected Software 1
OSV · added 2022/05/14 1:14 a.m. · 4 views

GHSA-RF66-HMQF-Q3FC Improper Neutralization of Input During Web Page Generation in Select2

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...

CVSS 6.1 · AI score 5.9 · EPSS 0.00872 · Exploits 0 · References 5
Snyk · added 2022/05/14 1:03 a.m. · 1 view

Cross-site Scripting (XSS)

Overview: katello is a package that adds Content and Subscription Management to Foreman. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Subscriptions component, due to insufficient organization name sanitization in SelectOrg/SetOrganization.js and...

CVSS 5.4 · AI score 5.3 · EPSS 0.00346 · Exploits 1 · References 2
CNNVD · added 2022/05/03 12:00 a.m. · 2 views

MediaTek imgsensor buffer error vulnerability

MediaTek chips are a range of chips made by MediaTek, a Chinese company. A security vulnerability exists in the MediaTek imgsensor driver that stems from a lack of bounds checking and may result in out-of-bounds writes, which an attacker can exploit to cause a local privilege...

CVSS 6.7 · AI score 6.6 · EPSS 0.00018 · Exploits 0 · References 2
Tenable Nessus · added 2022/04/25 12:00 a.m. · 32 views

EulerOS 2.0 SP5 : mariadb (EulerOS-SA-2022-1543)

According to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE)...

CVSS 5.5 · AI score 7.2 · EPSS 0.00065 · Exploits 7 · References 8
Positive Technologies · added 2022/04/25 12:00 a.m. · 3 views

PT-2022-13096 · WordPress · Mycred

Name of the Vulnerable Software and Affected Versions: myCred WordPress plugin versions prior to 2.4.4.1. Description: The issue affects the myCred WordPress plugin, where the mycred-tools-select-user AJAX action lacks authorization, allowing any authenticated user to retrieve all email addresses...

CVSS 4.3 · AI score 4.4 · EPSS 0.00248 · Exploits 1 · References 5
ATTACKERKB · added 2022/03/25 7:15 p.m. · 1 view

CVE-2022-27885

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters...

CVSS 6.1 · AI score 6.3 · EPSS 0.00223 · Exploits 1 · References 2
Cvelist · added 2022/03/25 6:50 p.m. · 12 views

CVE-2022-26573

Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/art/data.html via the select and input parameters...

AI score 6.3 · EPSS 0.00223 · Exploits 1 · References 2
Positive Technologies · added 2022/03/25 12:00 a.m. · 2 views

PT-2022-17937

Name of the Vulnerable Software and Affected Versions: Maccms version 10. Description: The issue is related to multiple reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities are found in the /admin.php/admin/art/data.html endpoint via the select and input parameters...

CVSS 6.1 · AI score 5.7 · EPSS 0.00223 · Exploits 1 · References 5
OSV · added 2022/03/22 6:49 p.m. · 1 view

GHSA-3P22-GHQ8-V749 Renderers can obtain access to random bluetooth device without permission in Electron

Impact This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device...

CVSS 3.4 · AI score 5.8 · EPSS 0.00848 · Exploits 0 · References 5
Positive Technologies · added 2022/03/22 12:00 a.m. · 3 views

PT-2022-15061 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions prior to 17.0.0-alpha.6, 16.0.6, 15.3.5, 14.2.4 and 13.6.6. Description: A vulnerability in Electron allows renderers to...

CVSS 5 · AI score 5 · EPSS 0.00848 · Exploits 0 · References 8
CNNVD · added 2022/03/22 12:00 a.m. · 2 views

Electron security vulnerability

Electron is a JavaScript framework for writing cross-platform desktop applications. The framework is based on Node.js and Chromium and can be used to write cross-platform desktop applications with HTML and CSS. A security vulnerability exists in Electron, which allows the...

CVSS 5 · AI score 5.6 · EPSS 0.00848 · Exploits 0 · References 4
OSV · added 2022/03/19 11:03 a.m. · 2 views

OESA-2022-1587 mariadb security update

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...

CVSS 7.5 · AI score 7.1 · EPSS 0.00472 · Exploits 10 · References 11
NVD · added 2022/03/14 5:15 p.m. · 9 views

CVE-2022-22353

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480...

CVSS 6.5 · EPSS 0.00141 · Exploits 0 · References 2
OSV · added 2022/03/14 5:15 p.m. · 2 views

CVE-2022-22353

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480...

CVSS 6.5 · AI score 6.3 · Exploits 0 · References 2
Prion · added 2022/03/14 5:15 p.m. · 11 views

Information disclosure

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480...

CVSS 4 · AI score 6.2 · EPSS 0.00141 · Exploits 0 · References 2 · Affected Software 1
CNNVD · added 2022/03/14 12:00 a.m. · 1 view

IBM Big SQL buffer error vulnerability

IBM Big SQL is an enterprise-class, ANSI-compliant, hybrid SQL-on-Hadoop engine from IBM (USA) that provides massively parallel processing (MPP) and advanced data querying. A buffer error vulnerability exists in IBM Big SQL that allows an authenticated user with appropriate privileges to obtain...

CVSS 7.1 · AI score 7.5 · EPSS 0.00347 · Exploits 0 · References 8
CNNVD · added 2022/03/14 12:00 a.m. · 1 view

IBM Cloud Pak for Data security vulnerability

IBM Big SQL is an enterprise-class, ANSI-compliant, hybrid SQL-on-Hadoop engine from IBM that provides massively parallel processing (MPP) and advanced data querying. IBM Big SQL contains a security vulnerability that could be exploited to allow an authenticated user with appropriate privileges to...

CVSS 6.5 · AI score 5.8 · EPSS 0.00141 · Exploits 0 · References 3
IBM Security Bulletins · added 2022/03/11 8:02 p.m. · 17 views

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

Summary: A software defect in IBM Big SQL prevents data masking rules from being enforced when a user executes a CREATE TABLE AS SELECT … WITH DATA statement. The newly created table contains unmasked data. Vulnerability Details: CVEID: CVE-2022-22353. DESCRIPTION: IBM Big SQL could allow an authenticated...

CVSS 6.5 · AI score 6.2 · EPSS 0.00141 · Exploits 0 · Affected Software 1