
5335 matches found

The Hacker News
added 2022/11/30 7:21 a.m., 75 views

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS). The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of...

9.8 CVSS, 1 AI score, 0.01118 EPSS
Exploits: 0
NVD
added 2022/11/29 11:15 p.m., 10 views

CVE-2022-46155

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

7.6 CVSS, 0.00448 EPSS
Exploits: 0, References: 3
Cvelist
added 2022/11/29 12:0 a.m., 43 views

CVE-2022-46155 Airtable.js credentials exposed in browser builds

Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...

7.6 CVSS, 7.7 AI score, 0.00448 EPSS
Exploits: 0, References: 3
OSV
added 2022/11/28 6:15 a.m., 27 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 7.8 AI score
Exploits: 0, References: 5
Prion
added 2022/11/28 6:15 a.m., 29 views

Input validation

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

4.4 CVSS, 7.7 AI score, 0.00635 EPSS
Exploits: 0, References: 5, Affected Software: 3
UbuntuCve
added 2022/11/28 12:0 a.m., 32 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 7.2 AI score, 0.00635 EPSS
Exploits: 0, References: 4
FreeBSD
added 2022/11/28 12:0 a.m., 34 views

emacs -- arbitrary shell command execution vulnerability of ctags

lu4nx reports: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggeste...

7.8 CVSS, 7.8 AI score, 0.00635 EPSS
Exploits: 0, References: 1
AlpineLinux
added 2022/11/28 12:0 a.m., 60 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 8.1 AI score, 0.00635 EPSS
Exploits: 0
Debian CVE
added 2022/11/28 12:0 a.m., 28 views

CVE-2022-45939

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 8.1 AI score, 0.00635 EPSS
Exploits: 0
Code423n4
added 2022/11/18 12:0 a.m., 8 views

HIGH: Vault or pool funds can be stolen by any user who holds LP tokens.

Lines of code. Vulnerability details. Description: The distributeETHRewardsToUserForToken is implemented in SyndicateRewardsProcessor and used in derived contracts: GiantMevAndFeePool and StakingFundsVault. It sends out rewards to the given user according to the current accumulatedETHPerLPShare and...

6.8 AI score
Exploits: 0
Rockylinux
added 2022/11/15 6:17 a.m., 21 views

adobe-source-code-pro-fonts bug fix and enhancement update

An update is available for adobe-source-code-pro-fonts. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see...

2 AI score
Exploits: 0
Check Point Advisories
added 2022/11/09 12:0 a.m., 4 views

Git Source Code Management Code Execution (CVE-2021-21300)

An improper link resolution exists in the checkout mechanism of Git Source Code Management (git-scm) by Git. An out-of-order checkout triggered by a delayed checkout or checkout-index may result in an improper validation of a file resource type prior to performing a file write operation. A remote...

5.1 CVSS, 1.8 AI score, 0.88644 EPSS
Exploits: 5
CVE
added 2022/10/24 1:21 p.m., 46 views

CVE-2022-38117

The CVE-2022-38117 entry describes Juiker app hard-coding an AES key in its source code. A to-the-point consequence is that a physical attacker who gains Android root privileges can use the embedded key to decrypt users’ ciphertext and tamper with it. The connected documents confirm the root-caus...

6.1 CVSS, 5.7 AI score, 0.00263 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2022/10/21 12:0 a.m., 50 views

CVE-2022-3597

LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemcpy in libtiff/tifunix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...

5.5 CVSS, 6.4 AI score, 0.00949 EPSS
Exploits: 1, References: 8
AlpineLinux
added 2022/10/21 12:0 a.m., 39 views

CVE-2022-3626

LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...

6.5 CVSS, 7.3 AI score, 0.00938 EPSS
Exploits: 1
NVD
added 2022/10/19 4:15 p.m., 16 views

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

5.3 CVSS, 0.00579 EPSS
Exploits: 0, References: 2
Prion
added 2022/10/19 4:15 p.m., 21 views

Design/Logic Flaw

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

5 CVSS, 5.3 AI score, 0.00579 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/10/19 12:0 a.m., 22 views

CVE-2022-43423

Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...

5.6 AI score, 0.00579 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2022/10/19 12:0 a.m., 3 views

PT-2022-26907 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin versions 2.0.12 and earlier; Jenkins versions 2.318 and earlier, LTS versions 2.303.2 and earlier. Description: The issue allows attackers who can control agent processes ...

5.3 CVSS, 5.3 AI score, 0.00579 EPSS
Exploits: 0, References: 8
CVE
added 2022/10/19 12:0 a.m., 89 views

CVE-2022-43423

CVE-2022-43423 concerns the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin (versions

5.3 CVSS, 5.3 AI score, 0.00579 EPSS
Exploits: 0, References: 2, Affected Software: 1