Skip to content

TechMedia

Header Image
Category

HIGH

385 Posts

Featured

Posted byWpmaster
[Microsoft.NetCore.App.Runtime.win-arm] .NET Remote Code Execution Vulnerability
Posted byWpmaster
[github.com/traefik/traefik/v2] Traefik HTTP header parsing could cause a denial of service
Posted byWpmaster
[github.com/answerdev/answer] Answer vulnerable to Exposure of Sensitive Information Through Metadata
Posted byWpmaster
[github.com/answerdev/answer] Answer vulnerable to Insertion of Sensitive Information Into Sent Data

[org.apache.shardingsphere:shardingsphere-proxy] Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability

  • Posted inHIGH
  • Posted byWpmaster
  • 12/22/202212/23/2022

Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn’t cleanup the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL clie…

[jsonwebtoken] jsonwebtoken has insecure input validation in jwt.verify function

  • Posted inHIGH
  • Posted byWpmaster
  • 12/22/202212/28/2022

Overview
For versions <=8.5.1 of jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can gain remote c…

[dustjs-linkedin] dustjs-linkedin vulnerable to Prototype Pollution

  • Posted inHIGH
  • Posted byWpmaster
  • 12/22/202212/29/2022

A vulnerability was found in LinkedIn dustjs prior to version 3.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes (‘proto…

[org.apache.karaf:apache-karaf] Apache Karaf vulnerable to potential code injection

  • Posted inHIGH
  • Posted byWpmaster
  • 12/22/202212/22/2022

This vulnerability is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses Init…

[github.com/kyverno/kyverno] Bypass of verifyImages rule possible with malicious proxy/registry

  • Posted inHIGH
  • Posted byWpmaster
  • 12/22/202212/24/2022

Impact
Users of Kyverno on versions 1.8.3 or 1.8.4 who use verifyImages rules to verify container image signatures, and do not prevent use of unknown registries.
Patches
This issue has been fixed in version 1.8.5
Workarounds
Configure a Kyverno policy …

[lite-dev-server] lite-dev-server vulnerable to Directory Traversal

  • Posted inHIGH
  • Posted byWpmaster
  • 12/21/202212/28/2022

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
References

https://nvd.nist.gov/vuln/detail/CVE-2…

[abacus-ext-cmdline] abacus-ext-cmdline vulnerable to Command Injection

  • Posted inHIGH
  • Posted byWpmaster
  • 12/21/202201/03/2023

All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-24431
https://security.snyk.io/vuln/SNYK-JS-ABACUSEXT…

[github.com/openfga/openfga] OpenFGA Authorization Bypass

  • Posted inHIGH
  • Posted byWpmaster
  • 12/21/202212/21/2022

Overview
During our internal security assessment, it was discovered that OpenFGA versions v0.3.0 is vulnerable to authorization bypass under certain conditions.
Am I Affected?
You are affected by this vulnerability if all of the following applies:

You…

[p4] p4 vulnerable to Command Injection due to improper input sanitization

  • Posted inHIGH
  • Posted byWpmaster
  • 12/20/202212/30/2022

The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization
References

https://nvd.nist.gov/vuln/detail/CVE-2022-25171
https://github.com/natelong/p4/commit/ae42e251beabf67c00539ec0e1d7aa149…

[lite-server] lite-server vulnerable to Denial of Service

  • Posted inHIGH
  • Posted byWpmaster
  • 12/20/202212/28/2022

All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
References

https://nvd.nist.gov/vuln/detail/CVE-2022…

Posts navigation

Previous Posts 1 … 13 14 15 16 17 … 39 Next Posts
TechMedia
WordPress theme by componentz

Archives

2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
Hit enter to search or ESC to close