Max Bond, AndreSC Security Vulnerabilities

CVE-2021-37376

Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be...

CVE-2024-32547

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Insert Manager (Q2W3 Inc Manager): from n/a through...

CVE-2022-48640

In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bond_rr_gen_slave_id Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bond is initially created with an initial mode != zero (Round Robin) the memory required for the...

CVE-2022-48640

In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bond_rr_gen_slave_id Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bond is initially created with an initial mode != zero (Round Robin) the memory required for the...

CVE-2024-26723

In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding interface under a lag There is a crash when adding one of the lan966x interfaces under a lag interface. The issue can be reproduced like this: ip link add name bond0 type bond miimon 100 mode...

CVE-2024-26723

In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding interface under a lag There is a crash when adding one of the lan966x interfaces under a lag interface. The issue can be reproduced like this: ip link add name bond0 type bond miimon 100 mode...

CVE-2022-48640 bonding: fix NULL deref in bond_rr_gen_slave_id

In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bond_rr_gen_slave_id Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bond is initially created with an initial mode != zero (Round Robin) the memory required for the...

Infinite loop in .Net Bond

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. Handling of large container lengths that could cause an infinite loop when deserializing some...

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200311)

Security Fix(es) : kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless /wext-sme.c (CVE-2019-17133) kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055) Bug Fix(es) : LACP bond does not function because bonding driver...

CVE-2024-26723

In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding interface under a lag There is a crash when adding one of the lan966x interfaces under a lag interface. The issue can be reproduced like this: ip link add name bond0 type bond miimon 100 mode...

kernel security, bug fix, and enhancement update

[4.18.0-553.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with...

SUSE: Security Advisory (SUSE-SU-2018:4128-1)

The remote host is missing an update for...

Depository.sol#L291 : Lack of slippage protection when deposit tokens in exchange for a bond from a specified product

Lines of code Vulnerability details Impact Lack of slippage protection for an user from minting the OLAs for the given token amount. When the price fluctuation is high, user would suffer with huge loss. Proof of Concept Depository contract would be used to create a product and for a particular...

SUSE: Security Advisory (SUSE-SU-2019:1122-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2019:3191-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2012:0115-2)

The remote host is missing an update for...

CVE-2023-52218

Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through...

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...

Potential inaccurate calculation of maxBond and effectiveBond in case of delayed call to checkpoint()

Lines of code https://github.com/code-423n4/2023-12-autonolas/blob/2a095eb1f8359be349d23af67089795fb0be4ed1/tokenomics/contracts/Tokenomics.sol#L925-L942 Vulnerability details Impact The checkpoint() function in the Tokenomics contract is responsible for recording global data when a new epoch...

CVE-2023-52218 WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway.This issue affects Woocommerce Tranzila Payment Gateway: from n/a through...

Paving a Path to Systems Administration: Naeem Jones’ Journey with Rapid7

Prior to becoming a Systems Administrator at Rapid7, Naeem Jones entered his career in cybersecurity through the Hack. Diversity program. Hack.Diversity is a program that connects talented Black and Latin/x students and early-career professionals with organizations that are looking to build...

Bootiful Spring Boot in 2024 (part 1)

NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....

Cisco SD-WAN Buffer Overflow Vulnerabilities (cisco-sa-sdwan-bufovulns-B5NrSHbj)

According to its self-reported version, Cisco SD-WAN products are affected by multiple buffer overflow vulnerabilities that allow an unauthenticated, remote attacker to execute attacks against an affected device. Please see the included Cisco BIDs and Cisco Security Advisory for more...

KLA11861 Multiple vulnerabilities in Microsoft Products (OSS)

Detect date: 07/14/2020 Severity: High Description: Multiple vulnerabilities were found in Microsoft Products (Open Source Software). Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges. Affected products: Microsoft Visual Studio 2017 version 15.9...

Virtuozzo Hybrid Infrastructure 6.0 Update 1 (6.0.1-76)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover improvements in the compute service, object storage, alerts and monitoring. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases....

CVE-2020-1469

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service...

What Is Dynamic DNS

Delving into the Multiple Aspects of the Dynamic Domain Name Protocol (DDNS): A Detailed Scrutiny DDNS, standing for Dynamic Domain Name System, is an automatic procedure crafted to maintain the synchronization of the data associated with a DNS server. This system functions uninterruptedly to make....

How to Protect Your Privacy Online

Decoding the Complexities of Digital Personhood and Its Private Aspects: Elemental Groundwork As we stride through this tech-propelled age, concerns related to internet-bound privacy have risen as pressing hurdles for all cyber inhabitants around the planet. Considering the ever-broadening...

CVE-2020-15509

Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g.,...

CVE-2023-47690

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin &lt;= 1.10...

Cross site scripting

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin &lt;= 1.10...

bond-consultants.com Cross Site Scripting vulnerability OBB-3575550

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...