Malicious code in wm-package-json-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80f5bf43e02aede17bce329245d3d725df86c2647fc515065fba8f0c7961f728 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-7194 Malicious code in wm-grunt-module-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0144eb5a5379973adb84fce29202e3214f1bb5b65e7862c5865441b7b371d852 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-7199 Malicious code in wm-package-json-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80f5bf43e02aede17bce329245d3d725df86c2647fc515065fba8f0c7961f728 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in validate-order (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1287f30b79a649e97efdcbe3b17cdeaeb6766e487b071cdeb18f6a599506ffd1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2021-21252

A flaw was found in jQuery-validate. There is an issue where it contains one or more regular expressions vulnerable to a Regular Expression Denial of Service ReDoS...

CLSA-2022-1654526615 Fixed CVE-2021-21705 in php-1.module_el8.5.0+2055+cc873159.tuxcare.els3

CVE-2021-21705: Fix SSRF bypass in FILTERVALIDATEURL adding additional check ups...

Auth0 Passport-SharePoint does not validate JWT signature

Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signature of an Access Token before processing. This allows attackers to forge tokens and bypass authentication and authorization mechanisms...

GHSA-5R7W-PJX8-99QG JBoss KeyCloak Open Redirect

JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL...

GHSA-QPG9-83FV-X9CH Improper Neutralization of Input During Web Page Generation in Jenkins

The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting XSS vulnerability exploitable by users with the ability to control job names...

Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2022-30284

Removed by vendor...

Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-5cbd6de569)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-3a63897745)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc34

Protoc plugin to generate polyglot message validators...

[SECURITY] Fedora 35 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc35

Protoc plugin to generate polyglot message validators...

Potential Captcha Validate Bypass in flask-session-captcha

Impact flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. The captcha.validate function would return None if passed no value e.g. by submitting a request with an empty form. If implementing users were checking th...

Insecure Return Value

flasksessioncaptcha has insecure return value. The vulnerability exists in validate function in init.py because it returns None instead of False if no value passed which allows an attacker to bypass the checks...

ALPINE-CVE-2022-24792

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...

Cross-site Scripting (XSS)

xml2rfc is vulnerable to cross-site scripting. The vulnerability exists in the validate function in base.py due to lack of input validation which allows an attacker to inject and craft svg images embedded with malicious scripts...

GSD-2022-1002256 udmabuf: validate ubuf->pagecount

udmabuf: validate ubuf-pagecount This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit 5d50f851dd307c07ca5591297093f19967c834a9, it...