CVE-2022-35948
undici is an HTTP/1.1 client, written from scratch for Node.js. `=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifical ...
August 24, 2022
Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security issues due to Node.js
## Summary
IBM has announced a release for IBM Security Verify Governance (ISVG) in response to security vulnerabilities. The vulnerabilities are caused by Node.js which is vulnerable to multiple thre ...
August 22, 2022
Security update for trivy (moderate)
An update that fixes three vulnerabilities is now available.
Description:
This update for trivy fixes the following issues:
Update to version 0.30.4:
* fix: remove the first arg when running ...
August 20, 2022
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-35948 and CVE-2022-35949
## Summary
Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that us ...
August 18, 2022
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root use ...
August 18, 2022
CVE-2022-35175
Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.
August 18, 2022
CVE-2022-35948
undici is an HTTP/1.1 client, written from scratch for Node.js. `= ...
August 16, 2022