6680 matches found

OSV
added 2022/10/31 11:1 a.m. · 7 views

OPENSUSE-SU-2022:10182-1 Security update for opera

This update for opera fixes the following issues: Update to 92.0.4561.21 - CHR-9037 Update chromium on desktop-stable-106-4561 to 106.0.5249.119 - DNA-102295 Missing GX.games section in settings - DNA-102308 Presubmit errors - DNA-102329 Consent flow clicking on 'Customize settings' doesn't resiz...

8.8 CVSS · 6.2 AI score · 0.00683 EPSS
Exploits 0 · References 7

Positive Technologies
added 2022/10/31 12:0 a.m. · 4 views

PT-2022-25324 · Php Point Of Sale Llc +1 · Php Point Of Sale

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The application is affected by an authenticated Stored Cross-Site Scripting XSS issue in the upload and download functionality. This could allow attackers to escalate privileges or...

9 CVSS · 8 AI score · 0.00598 EPSS
Exploits 0 · References 3

Zero Day Initiative
added 2022/10/27 12:0 a.m. · 21 views

Delta Industrial Automation InfraSuite Device Master APRunning Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gateway endpoint, which listens on TCP...

7.5 CVSS · 2.7 AI score · 0.00589 EPSS
Exploits 0 · References 1

Huntr
added 2022/10/26 2:30 p.m. · 19 views

Stored Cross Site Scripting (Network Maps Editor functionality)

Description Hello Team, Hope you are doing well. I have found a stored cross-site scripting vulnerability in the network maps edit functionality. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry...

5.2 AI score
Exploits 0

OSV
added 2022/10/26 9:38 a.m. · 7 views

SUSE-SU-2022:3766-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host bsc1181961. - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process bsc116786...

9.3 CVSS · 7.9 AI score · 0.02582 EPSS
Exploits 2 · References 7

NVD
added 2022/10/25 5:15 p.m. · 21 views

CVE-2022-33205

Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

10 CVSS · 0.04183 EPSS
Exploits 1 · References 1

NVD
added 2022/10/25 5:15 p.m. · 17 views

CVE-2022-35263

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

7.5 CVSS · 0.0087 EPSS
Exploits 1 · References 1

NVD
added 2022/10/25 5:15 p.m. · 13 views

CVE-2022-33897

A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...

9.1 CVSS · 0.01393 EPSS
Exploits 1 · References 1

NVD
added 2022/10/25 5:15 p.m. · 14 views

CVE-2022-35261

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

7.5 CVSS · 0.01084 EPSS
Exploits 1 · References 1

Prion
added 2022/10/25 5:15 p.m. · 22 views

Denial of service

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

5 CVSS · 7.3 AI score · 0.01011 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2022/10/25 5:15 p.m. · 13 views

Format string

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

6.5 CVSS · 8.6 AI score · 0.01241 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2022/10/25 5:15 p.m. · 14 views

Command injection

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...

7.5 CVSS · 10 AI score · 0.03244 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2022/10/25 4:34 p.m. · 14 views

CVE-2022-35265

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

4.9 CVSS · 7.5 AI score · 0.01011 EPSS
Exploits 1 · References 1

CVE
added 2022/10/25 4:33 p.m. · 45 views

CVE-2022-33189

CVE-2022-33189 : In Abode Systems iota All-In-One Security Kit 6.9Z, the XCMD “setAlexa” accepts an XML payload containing regCode, which can be exploited to trigger a DNS discovery process via /bct/sbin/dns-sd and execute arbitrary commands. Talos details show an exploit chain: craft XCMD to set...

10 CVSS · 9.7 AI score · 0.03244 EPSS
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2022/10/25 12:0 a.m. · 3 views

PT-2022-21446 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X through 6.9Z Description: A denial of service issue exists in the XCMD doDebug functionality. This can be triggered by a specially-crafted XCMD, allowing an attacker to send a...

8.6 CVSS · 7.8 AI score · 0.00879 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/10/25 12:0 a.m. · 5 views

PT-2022-20165 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: A command injection issue exists in the XCMD setUPnP functionality, allowing arbitrary command execution through a specially-crafted XCMD. An attacker can...

10 CVSS · 9.7 AI score · 0.03174 EPSS
Exploits 1 · References 2

OSV
added 2022/10/24 2:25 p.m. · 6 views

SUSE-SU-2022:3714-1 Security update for multipath-tools

This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. bsc1202739 - Avoid linking to libreadline to avoid licensing issue bsc1202616 - Avoid device IO in 'multipath -u' bsc1125145, bsc1131789 - mpathpersist: optimize for...

7.8 CVSS · 7.8 AI score · 0.00606 EPSS
Exploits 4 · References 11

Code423n4
added 2022/10/23 12:0 a.m. · 8 views

Wrong implementation of function LBPair.setFeeParameter can break the functionality of LBPair and make user's tokens locked

Lines of code Vulnerability details Vulnerable detail Struct FeeParameters contains 12 fields as follows: struct FeeParameters // 144 lowest bits in slot uint16 binStep; uint16 baseFactor; uint16 filterPeriod; uint16 decayPeriod; uint16 reductionFactor; uint24 variableFeeControl; uint16...

6.6 AI score
Exploits 0

Malwarebytes
added 2022/10/21 1:0 p.m. · 17 views

Gas, a positive social network for teens (no, really)

A new social network is currently in the news, billed as a positive space for teens to enjoy themselves. I'm all for positive spaces online, but what is it, and will teens really be happier there than say Instagram, or even just hanging out in WhatsApp groups? Pump the gas Launched in August of th...

6.9 AI score
Exploits 0

Cvelist
added 2022/10/21 12:30 p.m. · 17 views

CVE-2022-3203 ORing net IAP-420(+) Hidden Functionality

On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...

9.8 CVSS · 9.7 AI score · 0.00851 EPSS
Exploits 1 · References 1