Improper Access Control in Onionshare
Between September 26, 2021 and October 8, 2021, [Radically Open Security](https://www.radicallyopensecurity.com/) conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's [ ...
July 01, 2023
Security Bulletin: IBM UrbanCode Release is affected by CVE-2020-13935
## Summary
IBM UrbanCode Release versions 6.2.2.7 - 6.2.4 are affected by CVE-2020-13935
## Vulnerability Details
**CVEID:** CVE-2020-13935
**DESCRIPTION:** Apache Tomcat is vulnerable to a denia ...
July 01, 2023
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
This module uses a blind SQL injection (CVE-2020-5724) affecting the Grandstream UCM62xx IP PBX to dump the users table. The injection occurs over a websocket at the websockify endpoint, and specifica ...
July 01, 2023
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which a ...
July 01, 2023
CPP-Ethereum JSON-RPC admin_nodeInfo improper authorization Vulnerability
### Summary
An exploitable improper authorization vulnerability exists in the admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause ...
July 01, 2023
CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability
### Summary
An exploitable improper authorization vulnerability exists in the miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an ...
July 01, 2023
CVE-2022-25313
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
#### Notes
Author | Note
---|---
sbeattie | paraview uses ...
July 01, 2023
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management Server 11.6
## Summary
IBM WebSphere Application Server 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-F ...
June 30, 2023
CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from insi ...
June 30, 2023
Ganeti – Multiple Vulnerabilities
June 30, 2023