Tag
#windows
Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster.
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn't correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of t...
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
Microsoft posted a reminder that Exchange Server 2013 is destined to reach end of support very, very soon. The post You only have nine months to ditch Exchange Server 2013 appeared first on Malwarebytes Labs.
Mailhog version 1.0.1 suffers from a persistent cross site scripting vulnerability.
WordPress Weblizar plugin version 8.9 suffers from a remote code execution vulnerability.
Coffee Shop Cashiering System version 1.0 suffers from a remote time-based SQL injection vulnerability.
Library Management System with QR Code version 1.0 suffers from a remote SQL injection vulnerability.
Library Management System with QR Code version 1.0 suffers from a persistent cross site scripting vulnerability.