PT-2022-33312 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6 Description: The issue concerns a logic flaw in the LAG Link Aggregation functionality over the MLX5 LAG FLAG NDEVS READY flag. The actual impact and potential for attack have not been proven yet...
GHSA-WRRW-CRP8-979Q Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Impact The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...
SuiteCRM authenticated SQL injection in export functionality
This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from t...
Authentication flaw
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...
CVE-2022-36385
CVE-2022-36385 affects Contec Health CMS8000 family (CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor). The vulnerability arises from improper access controls that permit a threat actor with momentary physical access to insert a USB drive and perform a malicious firmware update, causing permane...
Service-Update-0.40-for-Microsoft-Dynamics CRM (on-premises)-9.0
Service-Update-0.40-for-Microsoft-Dynamics CRM on-premises-9.0 Dynamics 365 Introduction Service Update 9.0.40 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.40. More information Update package|...
OPENSUSE-SU-2022:10118-1 Security update for opera
This update for opera fixes the following issues: Update to 90.0.4480.84 - DNA-101690 Cherry-pick fix for CVE-2022-3075 from chromium Update to 90.0.4480.80 - DNA-99188 Tab Tooltip doesn't disappear - DNA-100664 Shopping corner widget - DNA-100843 Options to install and update VPN Pro app, when...
Can not Claim the second time per Spec requirement
Lines of code Vulnerability details Impact Reading the spec, MerkleReedeemerSpec "The user can claim a configurable amount of each ctoken, or all of them if possible" means, the claim amount can be called multiple times. Meanwhile, in RariMerkleRedeemer.sol, inside the claim function, it requires...
User Enumeration via Response Timing
Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept Steps to reproduce: 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively ...
Windows shellcode stage, Hidden Bind TCP Stager
Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/windows/custom/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentcp set ACTION msf payloadbindhiddentcp show optio...
SUSE-SU-2022:3172-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja = and = 23.0.0 bsc1201082 - Add support for name, pkgs and diffattr parameters to upgrade function for zypper and yum bsc1198489 - Fix possible errors on...
Huawei HarmonyOS WLAN module licensing issue vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS has an authorization issue vulnerability that stems from insufficient checksum of WLAN module privileges, which could be exploited by an attacker to cau...
CVE-2022-3026
The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...
PT-2022-4704 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to improper output neutralization for logs, which can be exploited by a remote attacker to create arbitrary log files. This can lead to the...
Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series
Overview FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-36158 Use of Hard-coded Credentials CWE-798 - CVE-2022-36159 Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these...
Cross site scripting
A Stored Cross-site scripting XSS vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...
PT-2022-15528 · Red Hat · Keycloak +1
Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On 7 Keycloak versions prior to 18.0.1 Description: A Stored Cross-site scripting XSS vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious...
Null pointer dereference
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system...
Authentication flaw
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
CVE-2022-30317
Summary (CVE-2022-30317, Honeywell Experion LX): The vulnerability arises from the EpicMo protocol (55565/TCP) used by the Honeywell Experion LX DCS for device diagnostics/maintenance, which exposes unauthenticated functionality. Affected products include Experion LX up to 2022-05-06. The issue ...