There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to der ...

Continue Reading

August 26, 2022

There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' t ...

Continue Reading

August 26, 2022

In this article, we look into writing a custom extension for Spring Cloud Gateway. Before we get started, let’s go over how Spring Cloud Gateway works: ![Spring Cloud Gateway diagram](https://static. ...

Continue Reading

August 26, 2022

A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerab ...

Continue Reading

August 26, 2022

[![](https://blogger.googleusercontent.com/img/a/AVvXsEg0DbWvIQOMVaBuGBCqW0LNGhNb0yQsKFSCgZ_B8YHMDvDMyEOUJtLu_rNUpJ5XjP8EaNZ4HGmZhvn86I1mm_7kv1IMBYMuGIyEIiasc05xIRxpqdpM9omUckTf5jdOLWfFGXEYiQ6bzdUAykb ...

Continue Reading

August 26, 2022

The version of ManageEngine NCM running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnera ...

Continue Reading

August 26, 2022

The version of ManageEngine OpManager running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass v ...

Continue Reading

August 26, 2022

The version of ManageEngine Firewall Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication ...

Continue Reading

August 26, 2022