UBUNTU-CVE-2022-42905

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

PT-2022-6103 · Wolfssl +1 · Wolfssl +1

Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.5.2 Description: The issue is related to a buffer over-read vulnerability in the wolfSSL library. This can be triggered by a malicious TLS 1.3 client or network attacker when callback functions are enabled via the...

apinto-dashboard 输入验证错误漏洞

apinto-dashboard is a visual UI project open source by eolinker. apinto-dashboard there is an input validation error vulnerability , the vulnerability stems from some unknown processing of the login , the operation of the parameter callbacks lead to open redirection...

GSD-2022-1005600 soundwire: revisit driver bind/unbind and callbacks

soundwire: revisit driver bind/unbind and callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...

GSD-2022-1005250 soundwire: revisit driver bind/unbind and callbacks

soundwire: revisit driver bind/unbind and callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...

CLSA-2022-1663184219 Fixed CVE-2022-2526 in systemd

CVE-2022-2526: use unref the DnsStream in callbacks correctly...

CLSA-2022-1663183381 Fixed CVE-2022-2526 in systemd

CVE-2022-2526: use unref the DnsStream in callbacks correctly...

systemd security update

239-58.0.1.4 - Disable unprivileged BPF by default Orabug: 32870980 - backport upstream pstore tmpfiles patch Orabug: 31420486 - udev rules: fix memory hot add and remove Orabug: 31310273 - fix to enable systemd-pstore.service Orabug: 30951066 - journal: change support URL shown in the catalog...

systemd security update

219-78.0.9.el79.7 - Core: explicitly trigger changing udev systemdwants property Orabug: 31858125 - Disable unprivileged BPF by default Orabug: 32871008 - Resolve missing installation files for systemd-pstore Orabug 32497787 - Change to have file tmpfiles.d/systemd-pstore.conf installed on upon...

URL Redirection to Untrusted Site ('Open Redirect') in next-auth

Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider by extension, it means Twitter, which is the only built-in provider using OAuth 1, but upgrading is still recommended. next-auth v3 users before version 3.29.3 are impacted. We recommend...

Devise Token Auth vulnerable to Cross-site Scripting

An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting XSS through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects...

kernel: perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()

A resource-handling flaw was found in the Linux kernel performance monitoring driver for ARM System Memory Management Unit version 3 in the way hotplug callbacks are registered during driver initialization. If driver registration fails, previously added CPU hotplug callbacks are not removed,...

kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()

A vulnerability was found in the Linux kernel's ethtool implementation in the ioctl handling of coalesce settings, where the system attempts to change coalesce settings using the ethtoolsetcoalesce function without verifying the availability of both the .getcoalesce and .setcoalesce callbacks,...

GSD-2022-1001477 PM: core: keep irq flags in device_pm_check_callbacks()

PM: core: keep irq flags in devicepmcheckcallbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

NextAuth.js default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. We recommend upgrading to v4 in most cases. See our migration guide.next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a...

CVE-2022-24858

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

Design/Logic Flaw

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

EDRSandblast - Tool That Weaponize A Vulnerable Signed Driver To Bypass EDR Detections And LSASS Protections

EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections Kernel callbacks and ETW TI provider and LSASS protections. Multiple userland unhooking techniques are also implemented to evade userland monitoring. As of release, combination of userland...

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress SpiderCalendar plugin is vulnerable to a cross-site scripting vulnerability that stems from the...