CVE-2022-32174

In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.

CVSS3 - CRITICAL

(RHSA-2022:6890) Important: OpenShift Virtualization 4.8.7 Images bug fixes and security update

This advisory contains the following OpenShift Virtualization 4.8.7 images: RHEL-8-CNV-4.8 ============== vm-import-controller-container-v4.8.7-4 ovs-cni-marker-container-v4.8.7-6 virt-cdi-apiserver-c ...

CVSS3 - CRITICAL

CVSS2 - HIGH

Weak Password Requirements

etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess o ...

CVSS3 - HIGH

CVSS2 - MEDIUM

Hyperledger: Remote denial of service in HyperLedger Fabric

How to reproduce 1.Bring up the test network.(https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html#bring-up-the-test-network) 2.Run the PoC. ```bash go run poc.go -server=192.168.0.20 ...

CVSS3 - HIGH

Reddit: Unrestricted File Upload on reddit.secure.force.com

## Summary: Reddit.secure.force.com is Reddit's SalesForce instance. An attacker is able to send attachments of disallowed filetypes to this server. The attacker is able to send malicious documents such as ...

CVSS3 - HIGH

CVSS2 - HIGH

In-Depth Look Into Data-Driven Science Behind Qualys TruRisk

Vulnerability Management is a foundational component of any cybersecurity program for the implementation of appropriate security controls and the management of cyber risk. Earlier this year Qualys int ...

CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2021-41803

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1 ...

CVSS3 - HIGH

Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

CVSS3 - HIGH
