What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
CVE 2022-12-21 11:15:10 CVE-2022-38065 (direct link) A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges. Vulnerability Guideline
CVE 2022-12-21 11:15:09 CVE-2022-38060 (direct link) A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. Vulnerability Guideline
AlienVault 2022-12-21 11:00:00 Top bug bounty platforms for organizations to improve security (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. What is a bug bounty platform? As mentioned in Wikipedia: “A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities”. For instance, if Company ‘A’ wants to audit/test its apps, i.e. web & mobile apps, for security vulnerabilities & bugs, it will have two options: 1. Self-host a bug bounty / responsible disclosure program 2. List a bounty program on bug bounty platforms like HackerOne, Bugcrowd etc. How does a bug bounty program work? Bug bounties help connect ethical hackers and a firm's remediation team. A single bug bounty platform allows both parties to unite, communicate, and patch bugs quickly. Bug bounty program managers track the program's progress by recording bounty payouts, number of vulnerabilities discovered and average resolution time. Before launching a bug bounty program, the firm sets the program scope and determines whether it's private or public. Scope defines what systems are available for testing, how tests will be carried out, and how long the program will be open. Bug bounty programs can be either public or private. Private programs allow firms to run an invite-only program. Private programs aren't visible to anyone online. Most programs start as private, with the option to go public when firms decide they're ready. Private programs help firms pace their remediation efforts and avoid overwhelming their security teams with a lot of duplicate bug reports. Public programs can accept submissions from the entire hacker community, allowing all hackers to test a firm's assets.
Because public programs are open, they frequently lead to a high number of bug reports (containing a lot of duplicates, however). The payout of each bounty is set based on the vulnerability's criticality. Bounty prices can range from several hundred dollars to thousands of dollars, and, in some cases, millions. Bounty programs give a social and professional element that attracts top-league hackers who are looking for community and a challenge. When a hacker discovers a bug, they submit a vulnerability report. This report shows what systems the bug impacts, how developers doing triage can replicate the bug, and its security risk level. These reports are transferred directly to the remediation team that validates the bug. Upon validation of a bug, the ethical hacker receives payment for their finding. Why launch a bug bounty program? Some would ask why firms resort to bounty programs rather than hiring security professionals. Well, the answer is straightforward: some of them have their own security teams; however, once we are talking about big firms like Facebook, Google, etc., they launch and develop loads of software, domains & other products continuously. With this huge list of assets, it becomes nearly impossible for the security teams to pen test all the targets. Therefore, bounty programs may be an economical approach for firms to regularly check large numbers of assets. Plus, bug bounty programs encourage security researchers to contribute ethically to these firms and receive acknowledgment/bounties. That's why it makes a lot of sense for big firms to use bug bounty programs. However, for small-budget firms, employing a bug bounty program won't be their best choice, as they may receive loads of vulnerabilities that they can't afford to pay for due to their limited resources. Top bug bounty platforms HackerOne In 2012, hackers and security leaders formed Vulnerability Guideline Yahoo ★★★
CVE 2022-12-21 09:15:08 CVE-2022-46330 (direct link) Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. Guideline
CVE 2022-12-21 09:15:07 CVE-2022-43543 (direct link) KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown according to the Unicode control character specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4. Vulnerability Guideline
Netskope 2022-12-21 07:00:00 The Three Why's of Vendor Consolidation (direct link) Consolidating vendors has always been on the mind of digital leaders, but the current economic climate has elevated this topic, with a recent Gartner survey claiming that 75% of organisations are currently pursuing security vendor consolidation projects, up from 29% in 2020. On the face of it, we can put this down to the need […] Guideline ★★★
CVE 2022-12-21 05:15:11 CVE-2022-25893 (direct link) The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise. Vulnerability Guideline
CVE 2022-12-20 20:15:10 CVE-2022-46771 (direct link) IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273. Vulnerability Guideline
bleepingcomputer 2022-12-20 16:11:00 VirusTotal cheat sheet makes it easy to search for specific results (direct link) VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence platform. [...] Malware Guideline ★★★
Netskope 2022-12-20 15:00:00 Big Trends and Hot Topics From H-ISAC 2022 (direct link) Last week, I had the opportunity to attend and speak at the H-ISAC fall summit here in Phoenix. As always, this conference is a great opportunity to meet back up with customers and friends from all around the Healthcare sector. This leads to illuminating conversations that really give me a higher definition picture of what […] Guideline ★★
globalsecuritymag 2022-12-20 14:32:59 Gigaclear Selects Corero to Offer Next-Gen DDoS Protection (direct link) Corero Network Security, a specialist provider of real-time, high-performance, automatic Distributed Denial of Service (DDoS) Protection, is proud to announce that Gigaclear, the UK's leading rural full fibre broadband provider, has selected Corero Network Security to deliver DDoS Protection as a Service across its network, protecting customers from attacks and service downtime. - Market News Guideline
globalsecuritymag 2022-12-20 14:21:31 ThreatLabz: The State of Encrypted Attacks, 2022 (direct link) Zscaler, Inc., the leader in cloud security, today announced the release of its annual State of Encrypted Attacks Report, which details the analysis of more than 24 billion threats from October 2021 through September 2022 to track trends in HTTPS-based attacks. The research leveraged insights from more than 300 trillion daily signals and 270 billion daily transactions in the Zscaler Zero Trust Exchange™ - the world's largest security cloud. - Special Reports Guideline ★★
globalsecuritymag 2022-12-20 09:04:02 Proofpoint collaborates with #FrenchTech cyber to form a united front against the cyber threat (direct link) Loïc Guezo, Director of Cyber Strategy, Proofpoint. For more than a year, Proofpoint has developed a technical collaboration with 4 leading players in French cybersecurity (Ilex International, TEHTRIS, Gatewatcher and IDECSI) to build an unprecedented common front against a growing, omnipresent and increasingly professionalised cyber threat. - Points of View Guideline ★★
CSO 2022-12-20 07:32:00 BrandPost: Managing Risk Would be Easier if It Weren't for People (direct link) Businesses are as much at risk from human error as from threat actors. Typos, configuration errors, and other human errors can lead to disaster on the same scale as any modern cyberthreat. Great technology defenses can only get you so far with managing risk. It is generally agreed upon that Zero Trust principles are a more effective approach to securing your organization than defense in depth (though they aren't mutually exclusive). This approach entails defining exactly what user or application has access to what resource, using a validation identity control, and continually validating that the behavior is acceptable. Nearly every organization has a progressive plan for deploying elements that achieve this, depending on where they are on their adoption path. However, the technology side of the equation is discrete and primarily solvable. The challenge lies with the keyboard-to-monitor interface - the human. Threat Guideline
Nozomi 2022-12-20 06:48:23 European Network and Information Security Directive Update (NIS2): High Level Strategy and Risk Management Priorities (direct link) Updates to the latest iteration of the NIS version 2 guidance to coordinate cybersecurity across the European Union specify new terms and mandates for Member States. The guidance tasks leaders with applying cybersecurity considerations and requirements to entities that serve a large part of the population and are considered vital to the economy based on […] Guideline ★★
CVE 2022-12-20 05:15:11 CVE-2022-25904 (direct link) All versions of package safe-eval are vulnerable to Prototype Pollution, which allows an attacker to add or modify properties of the Object.prototype when using the function safeEval. This is because the function uses the vm variable, leading an attacker to modify properties of the Object.prototype. Guideline
CVE 2022-12-19 21:15:10 CVE-2022-39160 (direct link) IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 235064. Vulnerability Guideline
CVE 2022-12-19 21:15:10 CVE-2022-43887 (direct link) IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450. Guideline
CVE 2022-12-19 20:15:11 CVE-2022-3775 (direct link) When rendering certain unicode sequences, grub2's font code doesn't properly validate that the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out. Guideline
CVE 2022-12-19 16:15:11 CVE-2022-42947 (direct link) A maliciously crafted X_B file, when parsed through Autodesk Maya 2023, can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution. Vulnerability Guideline
CVE 2022-12-19 16:15:11 CVE-2022-42946 (direct link) Parsing a maliciously crafted X_B or PRT file can force Autodesk Maya 2023 to read beyond the allocated buffer. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. Vulnerability Guideline
CVE 2022-12-19 15:15:10 CVE-2022-4612 (direct link) A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-19 15:15:10 CVE-2022-4611 (direct link) A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This affects an unknown part. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216273 was assigned to this vulnerability. Guideline
CVE 2022-12-19 15:15:10 CVE-2022-4610 (direct link) A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected by this issue is some unknown functionality. The manipulation leads to use of a risky cryptographic algorithm. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216272. Vulnerability Guideline
CVE 2022-12-19 15:15:10 CVE-2022-4613 (direct link) A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275. Vulnerability Guideline
CVE 2022-12-19 14:15:11 CVE-2022-4050 (direct link) The JoomSport WordPress plugin before 5.2.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Guideline
CVE 2022-12-19 14:15:11 CVE-2022-4058 (direct link) The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to a Stored XSS issue when an attacker makes a logged-in admin open a malicious URL or page under their control. Guideline
CVE 2022-12-19 14:15:10 CVE-2020-36619 (direct link) A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to a format string vulnerability. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-19 14:15:10 CVE-2021-4260 (direct link) A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268. Vulnerability Guideline
CVE 2022-12-19 14:15:10 CVE-2021-4261 (direct link) A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to SQL injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 29522c90ca1cebfce6453a5af5a45281d99b0646. It is recommended to upgrade the affected component. VDB-216270 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-19 14:15:10 CVE-2021-4262 (direct link) A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to SQL injection. The name of the patch is fbc2d94f43d0dc772767a5bdb2681133036f935e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216271. Vulnerability Guideline
CVE 2022-12-19 14:15:10 CVE-2020-36618 (direct link) A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252. Vulnerability Guideline
CVE 2022-12-19 14:15:10 CVE-2021-4258 (direct link) ** DISPUTED ** A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site, which limits the possibilities of an attack. Vulnerability Guideline
CVE 2022-12-19 14:15:10 CVE-2021-4259 (direct link) A vulnerability was found in phpRedisAdmin up to 1.17.3. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of the wrong operator in string comparison. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216267. Vulnerability Guideline
globalsecuritymag 2022-12-19 13:02:36 Logpoint included in research by leading global research firm (direct link) Logpoint aims to deliver complete insights into security posture and performance, empowering organizations to address cybersecurity from a business-value perspective and protect the business appropriately. - MAGIC QUADRANT Guideline
globalsecuritymag 2022-12-19 12:56:59 Rubrik appoints John W. Thompson as lead independent director of its board of directors (direct link) The former chairman of Microsoft's board of directors and former CEO of Symantec expands the role of Rubrik's board of directors and helps strengthen the company's leadership in cybersecurity. - Business Guideline
globalsecuritymag 2022-12-19 12:54:01 Bugcrowd Launches Bug Bounty Program for Australian-Based Navitas (direct link) Leading global education provider engages with Bugcrowd security researchers to identify threats. - Market News Guideline ★★
CVE 2022-12-19 12:15:11 CVE-2022-40743 (direct link) Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. Vulnerability Guideline
CVE 2022-12-19 11:15:10 CVE-2022-3877 (direct link) A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. Affected is an unknown function of the component URL Field Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216246 is the identifier assigned to this vulnerability. Guideline
CVE 2022-12-19 11:15:10 CVE-2022-3876 (direct link) A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability. Guideline
CVE 2022-12-19 11:15:10 CVE-2022-3875 (direct link) A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244. Vulnerability Guideline
CVE 2022-12-18 22:15:10 CVE-2022-4607 (direct link) A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to XML external entity reference. Upgrading to version 5.3.0 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215. Vulnerability Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4256 (direct link) A vulnerability was found in ctrlo lenio. It has been classified as problematic. This affects an unknown part of the file views/index.tt. The manipulation of the argument task.name/task.site.org.name leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier VDB-216213 was assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4255 (direct link) A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216212. Vulnerability Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4254 (direct link) A vulnerability has been found in ctrlo lenio and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/layouts/main.tt of the component Notice Handler. The manipulation of the argument notice.notice.text leads to cross site scripting. The attack can be launched remotely. The name of the patch is aa300555343c1c081951fcb68bfb6852fbba7451. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216211. Vulnerability Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4251 (direct link) A vulnerability classified as problematic was found in as. This vulnerability affects the function getFullURL of the file include.cdn.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 4acad1e3d2c34c017473ceea442fb3e3e078b2bd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216208. Vulnerability Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4252 (direct link) A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. It is recommended to apply a patch to fix this issue. The identifier VDB-216209 was assigned to this vulnerability. Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4253 (direct link) A vulnerability, which was classified as problematic, was found in ctrlo lenio. Affected is an unknown function in the library lib/Lenio.pm of the component Ticket Handler. The manipulation of the argument site_id leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 7a1f90bd2a0ce95b8338ec0926902da975ec64d9. It is recommended to apply a patch to fix this issue. VDB-216210 is the identifier assigned to this vulnerability. Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4257 (direct link) A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this vulnerability. Vulnerability Guideline
CVE 2022-12-18 22:15:10 CVE-2021-4250 (direct link) A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.4 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207. Vulnerability Guideline
Last update at: 2024-06-30 22:08:01