Gwyn's Imagemap Selector Security Vulnerabilities

Unbreakable Enterprise kernel-container security update

[5.15.0-3.60.5.1.el8] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against ->llseek (Jason A....

Upgraded Q -> M from 463 [1666363539691]

Judge has assessed an item in Issue #463 as Medium risk. The relevant finding follows: Ignores return value of onERC721Received The try block should include a check to make sure the function returns its selector as specified by IERC721Receiver. While the function may have the same parameters as...

Unbreakable Enterprise kernel security update

[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...

Security update for the Linux Kernel (important)

An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-39190: Fixed an issue that was...

Security update for roundcubemail (important)

An update that fixes four vulnerabilities is now available. Description: This update for roundcubemail fixes the following issues: roundcubemail was updated to 1.5.3 Enigma: Fix initial synchronization of private keys Enigma: Fix double quoted-printable encoding of pgp-signed messages with ...

GitLab: Stored XSS via Kroki diagram

Summary If Kroki has been enabled, it's possible to craft a pre block so that arbitrary attributes can be injected into the resulting img tag. The css selector for finding a valid node to convert into a kroki diagram checks for either pre[lang="#{diagram_type}"] > code or for pre >...

Debian DLA-3149-1 : ruby-nokogiri - LTS security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3149 advisory. A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are...

(RHSA-2022:6823) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.6, and includes bug fixes.....

(RHSA-2022:6822) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.6, and includes bug fixes.....

(RHSA-2022:6821) Important: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.7 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.6, and includes bug fixes.....

Velociraptor Version 0.6.6: Multi-Tenant Mode and More Let You Dig Deeper at Scale Like Never Before

Rapid7 is excited to announce the release of version 0.6.6 of Velociraptor – an advanced, open-source digital forensics and incident response (DFIR) tool that enhances visibility into your organization’s endpoints. After several months of development and testing, we are excited to share its...

Google Chrome 103.0.5060.53 Autofill Assistant Universal Cross Site Scripting Vulnerability

...

CVE-2011-0729

dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2)...

CVE-2011-0729

dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2)...

Google Chrome 103.0.5060.53 Autofill Assistant Universal Cross Site Scripting

...

CVE-2022-28982

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a...

CVE-2022-28982

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a...

Cross site scripting

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a...

Unbreakable Enterprise kernel security update

[5.4.17-2136.311.6] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34535896] [5.4.17-2136.311.5] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586} -...

CVE-2022-28982

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a...

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.311.6] - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34535896] [5.4.17-2136.311.5] - netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}...

CATS - REST API Fuzzer And Negative Testing Tool For OpenAPI Endpoints

REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort! Comprehensive: tests are generated automatically based on a large number scenarios and cover every field and header Intelligent: tests are generated based on data types and...

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2022:10122-1)

The remote host is missing an update for...

Malicious party active member can approve malicious contract to spend and steal party ERC1155 nft and ERC20 tokens via arbitrary proposal execution

Lines of code https://github.com/PartyDAO/party-contracts-c4/blob/3896577b8f0fa16cba129dc2867aba786b730c1b/contracts/proposals/ArbitraryCallsProposal.sol#L104 Vulnerability details Impact Detailed description of the impact of this finding. Let's look into the implementation in...

Security update for virtualbox (moderate)

An update that fixes two vulnerabilities is now available. Description: This update for virtualbox fixes the following issues: Remove package virtualbox-guest-x11, which is no longer needed. Fix screen resizing under Wayland (boo#1194126 and boo#1194126) Version bump to 6.1.36 released by...

Security update for the Linux Kernel (important)

An update that solves 23 vulnerabilities, contains 5 features and has 88 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-39190: Fixed an issue that was...

Security update for the Linux Kernel (important)

An update that solves 25 vulnerabilities, contains four features and has 91 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-39190: Fixed an issue that...

SUSE: Security Advisory (SUSE-SU-2022:3282-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2022:3265-1)

The remote host is missing an update for...

(RHSA-2022:6507) Critical: Red Hat Advanced Cluster Management 2.5.2 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments....

Symfony vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages symfony - set of reusable components and framework for web projects Details James Isaac and Mathias Brodala discovered that Symfony incorrectly handled switch users functionality. An attacker could possibly use this issue to enumerate users....

Security update for nim (important)

An update that fixes 9 vulnerabilities is now available. Description: This update for nim fixes the following issues: Includes upstream security fixes for: (boo#1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection (boo#1175334, CVE-2020-15692) mishandle of argument to ...

GLSA-202208-29 : Nokogiri: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-29 (Nokogiri: Multiple Vulnerabilities) Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML...

Security update for the Linux Kernel (important)

An update that solves 5 vulnerabilities, contains 9 features and has 31 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2021-33655: Fixed out of bounds write...

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update. (Moderate) (RHSA-2022:5894)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

Stored XSS on Categories

Description Title parameter in the body of POST request when creating/editing a category is vulnerable to stored XSS. # Proof of Concept 1 - Go to https://demo.microweber.org/demo/admin/view:content/action:categories 2 - Create a category or edit an existing one. 3 - Modify the title to an XSS...

If a MIMOProxy owner destroys their proxy, they cannot deploy another from the same address

Lines of code Vulnerability details When deploying a new MIMOProxy, the MIMOProxyRegistry first checks whether a proxy exists with the same owner for the given address. If an existing proxy is found, the deployment reverts: MIMOProxyRegistry#deployFor function deployFor(address owner) public...

Incorrect implementation of access control in MIMOProxy:execute

Lines of code https://github.com/code-423n4/2022-08-mimo/blob/main/contracts/proxy/MIMOProxy.sol#L104 Vulnerability details Description There is a function execute in MIMOProxy smart contract. The function performs a delegate call to the user-specified address with the specified data. As an access....

Malicious targets can manipulate MIMOProxy permissions

Lines of code https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/proxy/MIMOProxy.sol#L55-L64 Vulnerability details The MIMOProxy contract stores per-caller, per-target, per-selector permissions in a nested internal mapping. MIMOProxy.sol#L21: ///...

[H3] Persisted msg.value in a loop of delegate calls can be used to drain ETH from your proxy

Lines of code Vulnerability details Impact msg.value in a loop can be used to drain proxy funds PoC While BoringBatchable is out of the scope, this bug affects seriously MIMOProxy as it inherits. Some time ago I read a report about an auditor called samczsung...

Malicious manipulation of gas reserve can deny access to MIMOProxy

Lines of code https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/proxy/MIMOProxy.sol#L74-L79 Vulnerability details The MIMOProxy contract defines a minGasReserve value as a storage variable: MIMOProxy.sol#L18: /// @inheritdoc IMIMOProxy uint256...

Delegate call can manipulate minGasReserve and the _permissions mapping.

Lines of code Vulnerability details Impact When the proxy delegatecalls the target contract the target contracts code runs in the proxy’s storage. This means the target code has access to all of proxy’s storage including internal mappings. As a result, the target contracts code can manipulate...

Multicall does not check if the owner has changed after calls has been made(msg.sender misuse)

Lines of code https://github.com/code-423n4/2022-08-mimo/tree/main/contracts/proxy/MIMOProxy.sol#L104 Vulnerability details Impact The multicall doesn't check if the owner has changed after call or calls has been made. The transferOwnerShip() contracts/proxy/MIMOProxy.sol/ requires that the owner.....

(RHSA-2022:5894) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update.

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 is a first release for Red Hat JBoss Enterprise Application Platform 7.4 on Red Hat Enterprise Linux 9,.....

Security update for the Linux Kernel (important)

An update that solves 48 vulnerabilities, contains 26 features and has 202 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch...

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2022:10067-1)

The remote host is missing an update for...

Security update for virtualbox (important)

An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for virtualbox fixes the following issues: Save and restore FPU status during interrupt. (boo#1199803) Update support of building with Python Replace SDL-devel BuildRequires with...

Cross-site Scripting (XSS)

grapesjs is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the class name in ClassTagView.ts when it adds to the selector manager, allowing an attacker to inject and execute malicious...

grapesjs before 0.19.5 vulnerable to Cross-site Scripting

The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector...