CVE-2022-38046
Web Account Manager Information Disclosure Vulnerability.
October 11, 2022
CVE-2022-32175
In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to fo ...
October 11, 2022
Improper Validation of Array Index
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are be ...
October 10, 2022
URL Redirection to Untrusted Site (‘Open Redirect’)
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an ar ...
October 10, 2022
Security Bulletin: WebSphere Application Server Liberty is vulnerable to Cross-site Scripting that affects Liberty for Java for IBM Cloud (CVE-2020-4303, CVE-2020-4304)
Summary: There is a cross-site scripting vulnerability in the OAuth, OpenID Connect and SAML features. This has been addressed. Vulnerability Details: CVEID: CVE-2020-4303 DESCRIPTION: ...
October 07, 2022
Security Bulletin: Liberty for Java for IBM Cloud is vulnerable to a denial of service (CVE-2020-4590)
Summary: There is a denial of service vulnerability in IBM WebSphere Application Server Liberty used in Liberty for Java for IBM Cloud. Vulnerability Details: CVEID: CVE-2020-4590 DES ...
October 07, 2022
Tendermint Core vulnerable to Uncontrolled Resource Consumption
Description: Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, [we added a new `Timestamp` field to `Evidence` structs](https://github.com/tendermi ...
October 07, 2022
CVE-2022-32171
In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete user functionality. When an authenticated user deletes a user having an XSS payload in the us ...
October 06, 2022
CVE-2022-36083
(JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS w ...)
October 05, 2022