Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

CVE-2022-45868: h2database/WebServer.java at 96832bf5a97cdc0adc1f2066ed61c54990d66ab5 · h2database/h2database

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that."

CVE
#sql#vulnerability#web#windows#google#microsoft#amazon#apache#js#java#oracle#ibm#postgres#ssl
CVE-2022-38114: SEM 2022.4 Release Notes

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

CVE-2021-35246: CVE - CVE-2021-35246

The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.

Red Hat Security Advisory 2022-8580-01

Red Hat Security Advisory 2022-8580-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

CVE-2022-43212: Billing System Project in PHP Source Code Free Download

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.

Red Hat Security Advisory 2022-8556-01

Red Hat Security Advisory 2022-8556-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

The Hunt for the Dark Web’s Biggest Kingpin, Part 5: Takedown

After months of meticulous planning, investigators finally move in to catch AlphaBay’s mastermind red-handed. Then the case takes a tragic turn.

CVE-2022-36180: FusionDirectory.com is for sale | HugeDomains

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.

CVE-2022-30258: DnsServer/CHANGELOG.md at master · TechnitiumSoftware/DnsServer

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and highly impactful, because the exploitation conforms to de facto DNS specifications and operational practices, and overcomes current mitigation patches for "Ghost" domain names.

GHSA-368v-7v32-52fx: Overflow in `ResizeNearestNeighborGrad`

### Impact When [`tf.raw_ops.ResizeNearestNeighborGrad`](https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/kernels/image/resize_nearest_neighbor_op.cc) is given a large `size` input, it overflows. ``` import tensorflow as tf align_corners = True half_pixel_centers = False grads = tf.constant(1, shape=[1,8,16,3], dtype=tf.float16) size = tf.constant([1879048192,1879048192], shape=[2], dtype=tf.int32) tf.raw_ops.ResizeNearestNeighborGrad(grads=grads, size=size, align_corners=align_corners, half_pixel_centers=half_pixel_centers) ``` ### Patches We have patched the issue in GitHub commit [00c821af032ba9e5f5fa3fe14690c8d28a657624](https://github.com/tensorflow/tensorflow/commit/00c821af032ba9e5f5fa3fe14690c8d28a657624). The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](h...