3974 matches found
PT-2025-26018 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc6
Description: A use-after-free issue has been identified in the Linux kernel, specifically in the `dm_sm_register_threshold_callback` function. This issue can be triggered when a metadata commit fails,...
CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSL_CALLBACKS is only intended for debugging...
OESA-2022-2041 curl security update
CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to th...
OESA-2022-2040 curl security update
CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback...
OESA-2022-2039 curl security update
CURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback...
Open Redirect
github.com/eolinker/apinto-dashboard is vulnerable to open redirects. A malicious user is able to redirect the victim to a malicious site via a malicious URL injected through the /login file due to the use of argument callback functionality...
MGASA-2022-0405 Updated curl packages fix security vulnerability
When doing HTTPS transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. CVE-2022-32221...
CVE-2022-3804
A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed ...
CVE-2022-3797
A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the...
Open redirect
A vulnerability was found in eolinker apinto-dashboard. It has been rated as problematic. This issue affects some unknown processing of the file /login. The manipulation of the argument callback leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the...
PT-2022-24174 · Unknown · Eolinker Apinto-Dashboard
Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard (affected versions not specified)
Description: A problematic issue has been found, affecting an unknown function of the file /login. The manipulation of the callback argument leads to cross-site scripting. It is possib...
apinto-dashboard cross-site scripting vulnerability
apinto-dashboard is an open-source visual UI project by eolinker. apinto-dashboard has a security vulnerability that stems from some unknown features of the login; the operation of the parameter callback leads to cross-site scripting...
phpCAS vulnerable to Service Hostname Discovery Exploitation
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the Host header and use a...
IBAX go-ibax SQL injection vulnerability
IBAX go-ibax is a blockchain system platform from IBAX Corporation. IBAX go-ibax suffers from a SQL injection vulnerability that stems from unknown functionality in the file /api/v2/open/tablesInfo, where manipulation of parameter callbacks leads to SQL injection...
CVE-2022-3797
CVE-2022-3797 affects the eolinker apinto-dashboard login processing. Multiple connected sources describe an open redirect vulnerability caused by manipulation of the callback parameter in the /login path. The issue can be triggered remotely and the exploit has been disclosed publicly. Sources co...
PT-2022-24167 · Eolinker · Eolinker Apinto-Dashboard
Name of the Vulnerable Software and Affected Versions: eolinker apinto-dashboard (affected versions not specified)
Description: A problematic issue affects the processing of the file /login, where the manipulation of the callback argument leads to an open redirect. This issue can be initiated...
DEBIAN-CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...
UBUNTU-CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...