Apache SOAP XML External Entity Injection Vulnerability
Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. parser in the RPCRou ...
November 15, 2022
.NET Core Elevation of Privilege Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their ...
November 15, 2022
Lighttpd: Denial of Service
### Background
Lighttpd is a lightweight high-performance web server.
### Description
Lighttpd's mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket hands ...
November 15, 2022
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
### Impact
Any application using @fastify/websocket could crash if a specific, malformed packet is sent.
All versions of fastify-websocket are also impacted. That module is deprecated, so it will not ...
November 15, 2022
CVE-2022-39386
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impa ...
November 15, 2022
Denial Of Service (DoS)
@fastify/websocket and fastify-websocket are vulnerable to denial of service. The vulnerability is due to the `fastifyWebsocket` function in `index.js` which crashes the application on an uncaught exc ...
November 15, 2022
CVE-2022-43680
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
#### Notes
Author| No ...
November 15, 2022
Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
* CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is cr ...
October 20, 2022
CVE-2022-21612
Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware (component: Dashboard). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable v ...
October 18, 2022