Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2890
https://github.com/yetiforcecompany/yetiforcecrm/commit/2c14baaf8dbc7fd82d5c585f2fa0c23528…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method
References
https://nvd.nist.gov/vuln/detail/CVE-2022-…
Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2885
https://github.com/yetiforcecompany/yetiforcecrm/commit/a9ad9ee089b575855b9e5e202b4990a158…
A stored cross-site scripting (XSS) vulnerability in Kirby’s Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-35174
h…
Impact
A low severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this w…
Duplicate Advisory
This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references.
Original Description
Summary
As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of pa…
Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol.
As a result, the secret key of SIKEp751 can be recovered in a matter of hours.
The SIKE and SIDH schemes will be removed from oqs 0.7.2.
An efficient key …
NotrinosERP version 0.7 and prior is vulnerable to stored cross-site scripting. A fix is available on the master branch of the repository.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2871
https://github.com/notrinos/notrinoserp/commit/0362778…
Affected versions of this crate called the RocksDB C API
rocksdb_open_column_families_with_ttl() with a pointer to a single integer
TTL value, but one TTL value for each column family is expected.
This is only relevant when using
rocksdb::DBWithThreadM…
Before version 0.1.3 update_by_case gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgrade to version >= 0.1.3 that uses Arel instead to construct the resulting sql statement, with sanitized sql.
Refere…
