PT-2023-15962 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.0.5 Description: The issue allows local attackers to bypass authentication and attack other SAs with high privilege through an "SA relay attack". This is due to an authentication bypass vulnerability in the...
ROS-20221222-22
A vulnerability in the cURL command-line utility is related to a bounds error in parsing the .netrc file. Exploitation of the vulnerability could allow a remote attacker to transfer a specially crafted file, cause a stack-based buffer overflow, and perform a denial-of-service (DoS) attack. The cU...
Vulnerability of the intr_callback() function (drivers/net/usb/r8152.c) in Linux operating system kernels, allowing a hacker to cause a service failure
The vulnerability of the intr_callback() function (drivers/net/usb/r8152.c) in Linux operating systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
From September to December, we detected multiple attacks from the Royal ransomware group. In this blog entry, we discuss findings from our investigation of this ransomware and the tools that Royal ransomware actors used to carry out their attacks...
Reentrancy in GroupBuy.purchase allows buying NFT twice
Lines of code Vulnerability details Impact In GroupBuy.purchase, poolInfo[poolId].success which prevents buying the same NFT again is only set to true after the sale was executed. This can be exploited by reentering in the following line: address vault = IMarketBuyermarket.executevalue:...
CVE-2022-20535
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed...
PT-2022-14741 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the HalCoreCallback of halcore.cc due to a missing bounds check. This could lead to local information disclosure from the NFC firmware with no...
CVE-2022-40002
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the callback parameter to /cms/notify...
PT-2022-25161 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.1.1 Description: The issue allows remote attackers to run arbitrary code via the callback parameter to the "/cms/notify" API endpoint. This enables attackers to execute malicious scripts on the victim's browser, potentially...
PT-2024-11781 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a null pointer dereference in the cxl/region component of the Linux kernel. This occurs when the cxl region decode reset function is called, and the -reset...
CVE-2022-40002
FeehiCMS 2.1.1 is affected. The vulnerability allows an attacker to execute arbitrary scripts via the callback parameter to the /cms/notify API, leading to XSS and potential browser-based actions. Root cause: unvalidated callback handling in the notify endpoint. Affected component: FeehiCMS-2.1.1...
Use of payable.transfer() may lock user funds
Lines of code Vulnerability details Impact The use of payable.transfer is heavily frowned upon because it can lead to the locking of funds. The transfer call requires that the recipient has a payable callback, and only provides 2300 gas for its operation. This means the following cases can cause the...
curl: POST following PUT confusion
A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set if it previously used the same handle to issue a PUT request which us...
Cross site scripting
Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauth_auth.py and querybook/server/app/auth/okta_auth.py. This may allow attackers to perform reflected cross site scripting...
CVE-2022-46151
CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...
PT-2022-27768 · Querybook · Querybook
Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.14.2 Description: The issue concerns Querybook, an open source data querying UI. In affected versions, user-provided data is not escaped in the error field of the auth callback URL in...
ALPINE-CVE-2022-32221
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
DEBIAN-CVE-2022-32221
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...