Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

CVE-2022-1057

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

CVE
Open in Source
#sql#wordpress#perl#auth
What It Takes to Tackle Your SaaS Security

It's not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today. However, there are three main challenges that have arisen stemming from this evolution: (1) While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization

A Quick Guide to GDPR (General Data Protection Requirements)

By Owais Sultan General Data Protection Regulation or GDPR is not a new data protection law by any means. It has… This is a post from HackRead.com Read the original post: A Quick Guide to GDPR (General Data Protection Requirements)

GHSA-72x4-cq6r-jp4p: Improper Input Validation in orderer/common/cluster consensus request

### Impact If a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. This fix checks for the malformed consensus request and returns an error to the consensus client. ### Patches Fixed in v2.2.7 and v2.4.5. ### Workarounds None, users must upgrade to v2.2.7 or v2.4.5. ### References https://github.com/hyperledger/fabric/releases/tag/v2.2.7 https://github.com/hyperledger/fabric/releases/tag/v2.4.5 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Hyperledger Fabric repository](https://github.com/hyperledger/fabric/issues) ### Credits Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.

Report: Brazil must do more to encrypt, back up data

We take a look at a report which indicates Brazil has a long way to go with regard to encrypting and backing up data. The post Report: Brazil must do more to encrypt, back up data appeared first on Malwarebytes Labs.

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.

CVE-2022-2047

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.

CVE-2021-29281: Unrestricted File Upload | OWASP Foundation

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.

CVE-2022-31136

Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue.