PT-2022-17480 · Qualcomm · Snapdragon Mobile

Name of the Vulnerable Software and Affected Versions: Snapdragon Mobile affected versions not specified Description: The issue is related to memory corruption in the multimedia component of Snapdragon Mobile, caused by a use-after-free error during callback registration failure. Recommendations:...

CVE-2022-42463

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbusserver in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...

Authentication flaw

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbusserver in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...

CVE-2022-42463 Softbus_server in communication subsystem has a authenication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ...

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbusserver in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...

CVE-2022-42463

OpenHarmony v3.1.2 and earlier suffer an authentication bypass in the Softbus_server callback handler within the communication subsystem. By sending Bluetooth RFCOMM packets to a remote device, an attacker can cause arbitrary command execution on distributed networks. The issue is documented acro...

PT-2022-26446 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue is related to an authentication bypass vulnerability in the callback handler function of Softbus server in the communication subsystem. Attackers can exploit this by sending Bluetooth...

Use of globalState.unlocked state change outside lock modifier allows for Re-entrancy which would cause huge loss to pool

Lines of code Vulnerability details I guess I can put this into one report since the issue affects two seperate functions in a contract. Impact The functions AlgebraPool.swap and AlgebraPool.swapSupportingFeeOnInputTokens attempt to not use the lock modifier to update the globalState.unlocked sta...

GHSA-4RXR-27MM-MXQ9 Upstash Adapter missing token verification

Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...

FLASH() FUNCTION HAS STATE UPDATES AFTER A CALLBACK TO MSG.SENDER

Lines of code Vulnerability details In AlgebraPool.sol, the flash function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function reentranc...

PT-2022-33448 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue is related to a use-after-free crash in the dm sm register threshold callback function. It was introduced in version v3.10 and fixed in version v5.19.2. The actual impact and attac...

PT-2022-24805 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0 Description: The issue allows unauthenticated users to take over an Onedev instance if there is no properly configured reverse proxy. The "/git-prereceive-callback" endpoint, intended for localhost access, can b...

Invalid payout is accepted

Lines of code Vulnerability details Impact In callback function, getMarketInfoForPurchase also returns maxPayout as last argument. This is not compared against outputAmount which means if market asks for higher outputAmount then the contract will simply pay Similar instance Also check the...

PT-2022-8689 · Unknown · 4Thline Cling

Name of the Vulnerable Software and Affected Versions: 4thline cling versions 2.0.0 through 2.1.2 Description: The issue in the UPnP protocol allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. As of 2022, 4thline cling is no longer...

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails

Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...

GHSA-XV97-C62V-4587 NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails

Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...

Cesanta MJS 安全漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...

NameWrapper._transferAndBurnFuses() allows reentrancy on onERC1155Received callback

Lines of code Vulnerability details Impact When calling the internal function transferAndBurnFuses in NameWrapper.setSubnodeOwner or NameWrapper.setSubnodeRecord , ERC1155Fuse.transfer is called before setFuses which creates a reentrancy opportunity when newOwner is a contract, which may allow a...

‘Callback’ Phishing Campaign Impersonates Security Firms

A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the...

ArgoCD 跨站脚本漏洞

Argo is an open source container-native workflow engine.ArgoCD is an application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository,...

PT-2022-20529 · Argo Cd · Argo Cd

Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.3.0 through 2.3.5 Argo CD versions 2.4.0 through 2.4.4 Description: The issue is a cross-site scripting XSS bug that could allow an attacker to inject arbitrary JavaScript in the "/auth/callback" page in a victim's browser...