2257 matches found
Tuleap Information Disclosure Vulnerability
Tuleap is an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. An information disclosure vulnerability exists in versions prior to Tuleap 13.9.99.58 that stems from not properly...
Design/Logic Flaw
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95, Tuleap does not properly sanitize user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create ...
CVE-2022-31058
Tuleap SQL injection (CVE-2022-31058) affects Tuleap versions prior to 13.9.99.95. The issue arises from improper input sanitization when constructing SQL against tracker reports, enabling an attacker who can create a new tracker to execute arbitrary SQL queries. Connected sources corroborate imp...
CVE-2022-31063
Tuleap is vulnerable before version 13.9.99.111 due to improper escaping of the document title in the MyDocmanSearch widget results and in the locked documents administration page. This can allow a malicious user who can create a document to trigger arbitrary code execution on a victim’s system. Aff...
CVE-2022-31032
Tuleap prior to version 13.9.99.58 is affected. The vulnerability arises from improper authorization verification when creating projects or trackers from template projects, allowing information disclosure from those templates. Remediation: upgrade to Tuleap 13.9.99.58 or newer. The available sour...
GSD-2022-1003672 kernfs: Separate kernfs_pr_cont_buf and rename_lock.
kernfs: Separate kernfs_pr_cont_buf and rename_lock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK allows a hacker to trigger a service failure.
The vulnerability of the Outside In Filters component within the Oracle Outside In Technology SDK set is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to trigger a service failure using the HTTP protocol...
Moderate: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes and Enhancements: nodejs:12/nodejs: rebase to last upstream release...
SAP NetWeaver Development Infrastructure Cross-Site Scripting Vulnerability
SAP NetWeaver Development Infrastructure is an SAP product that provides a consistent development environment, development teams, and support for software development throughout the product lifecycle. A cross-site scripting vulnerability exists in SAP NetWeaver Development Infrastructure, which c...
PT-2022-2970 · Intel +9 · Sgx Psw +12
Name of the Vulnerable Software and Affected Versions: Intel(R) Processors (affected versions not specified). Description: The issue is related to incomplete cleanup in specific special register write operations, which may allow an authenticated user to potentially enable information disclosure via...
Security as a differentiator: How to market the secure customer experience
Leveraging software development lifecycle security as a go-to-market differentiator is imperative in setting companies apart from competitors. As Coalfire's Cloud Advisory Board and my colleague Gail Coury eloquently pointed out in our recent Securealities Report, Smartest Path to DevSecOps...
CVE-2022-24896
CVE-2022-24896 affects Tuleap versions prior to 13.7.99.239. The vulnerability stems from improper authorization checks when displaying content in the Tracker Report Renderer and Chart widgets, allowing an attacker to disclose the name of trackers and the fields used in reports. Impact is informa...
[SECURITY] Fedora 36 Update: qt5-qtbase-5.15.3-2.fc36
Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling...
SUSE: Security Advisory (SUSE-SU-2022:1891-1)
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: npm: npm ci succeeds when package-lock.json doesn't match package.json (CVE-2021-43616). For more details about the security issues, including the...
SUSE: Security Advisory (SUSE-SU-2022:1869-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:1836-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:1833-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:1764-1)
The remote host is missing an update for the...