🚨 CVE-2022-32085
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
@cveNotify
🚨 CVE-2020-4150
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142.
Ibmcloud
IBM SiteProtector information disclosure CVE-2020-4150 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
🚨 CVE-2020-4138
IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.
Ibmcloud
IBM SiteProtector information disclosure CVE-2020-4138 Vulnerability Report
🚨 CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.
GitHub
fix: protected fields exposed via LiveQuery; this removes protected f… · parse-community/parse-server@309f64c
…ields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-s...
🚨 CVE-2022-32086
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
🚨 CVE-2022-32087
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
🚨 CVE-2021-21276
Polr is an open source URL shortener. In Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users' settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php.
GitHub
Merge pull request from GHSA-vg6w-8w9v-xxqc · cydrobolt/polr@b198170
A modern, powerful, and robust URL shortener - Merge pull request from GHSA-vg6w-8w9v-xxqc · cydrobolt/polr@b198170
🚨 CVE-2022-23717
PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication.
Pingidentity
PingID integration for Windows login 2.8 (May 31, 2022) - PingID
Page created: 26 May 2022 | Page updated: 3 Jan 2023. Security keys (offline) - improved implementation. PingID Integration for Windows login. Improved: An improved implementation has been introduced for the use of security keys while offline - they are now synced…
🚨 CVE-2022-23718
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.
Pingidentity
PingID integration for Windows login 2.8 (May 31, 2022) - PingID
🚨 CVE-2022-23719
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.
Pingidentity
PingID integration for Windows login 2.8 (May 31, 2022) - PingID
🚨 CVE-2022-31139
UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up `SecurityCheck.AccessLimiter` for UA to limit access to UA. Starting with version 1.4.0 and prior to version 1.7.0, when `SecurityCheck.AccessLimiter` is set up, untrusted code can access UA without limitation, even when UA is loaded as a named module. This issue does not affect those for whom `SecurityCheck.AccessLimiter` is not set up. Version 1.7.0 contains a patch.
GitHub
Release 1.7.0 · Karlatemp/UnsafeAccessor
Changelog
IMPORTANT: Fix security checking of UnsafeAccess.getInstance
Affected version: >= 1.4.0 & < 1.7.0
Add Root.MethodHandleLookup for bytecode invokeDynamic executing
Add Unsafe...
🚨 CVE-2022-32295
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
🚨 CVE-2022-33099
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
🚨 CVE-2022-34894
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services.
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
🚨 CVE-2014-3650
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.
🚨 CVE-2022-31140
Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database connection exception showing database IP address/username/password, or a timeout detail / out of memory detail. Attackers could use this information for potential data exfiltration, denial of service attacks, enumeration attacks, etc. Version 0.12.0 contains a patch for this vulnerability.
GitHub
Error messages leading to potential data exfiltration
```php
<?php
namespace My\App;
use CuyZ\Valinor\Mapper\MappingError;
use CuyZ\Valinor\Mapper\Tree\Node;
use CuyZ\Valinor\Mapper\Tree\NodeTraverser;
use CuyZ\Valinor\MapperBuilder;
r...
```
🚨 CVE-2022-31074
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.
GitHub
Cloud AdmissionController component: DoS by exhausting memory of node with http request containing large body
### Impact
Several endpoints including `/devicemodels`, `/rules`, `/ruleendpoints`, `/offlinemigration` in the Cloud Admissioncontroller may be susceptible to a DoS attack if an HTTP request conta...
🚨 CVE-2022-31073
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the ServiceBus server on the edge side may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. It is possible for the node to be exhausted of memory. The consequence of the exhaustion is that other services on the node, e.g. other containers, will be unable to allocate memory, thus causing a denial of service. Malicious apps that users accidentally pull onto the host and that have access to send HTTP requests to localhost may carry out an attack. A node is affected only when users enable the `ServiceBus` module in the config file `edgecore.yaml`. This bug has been fixed in KubeEdge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the `ServiceBus` module in the config file `edgecore.yaml`.
GitHub
Cherry-pick GHSA-vwm6-qc77-v2rh: fix invalid request by kevin-wangzefeng · Pull Request #4042 · kubeedge/kubeedge
Authored-by: vincentgoat linguohui1@huawei.com
Co-authored-by: Kevin Wang kevinwzf0126@gmail.com
Signed-off-by: Kevin Wang kevinwzf0126@gmail.com
What type of PR is this?
/kind bug
What this PR d...
🚨 CVE-2020-35169
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
🚨 CVE-2020-35168
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
🚨 CVE-2020-35167
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.