676 matches found
CVE-2022-4060
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...
PT-2023-7904 · WordPress · User Post Gallery
Name of the Vulnerable Software and Affected Versions: User Post Gallery WordPress plugin versions 2.19 and earlier Description: The issue is related to insufficient authorization procedure in the User Post Gallery WordPress plugin, allowing remote attackers to execute arbitrary code. This is...
The vulnerability of the SSL/TLS WolfSSL library lies in its ability to read data beyond the buffer boundaries in memory. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of the SSL/TLS library WolfSSL is related to the ability to read data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause service failures through the...
VulnCheck KEV: CVE-2022-4060
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it...
kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
A vulnerability was found in the Linux kernel's ethtool implementation in the ioctl handling of coalesce settings, where the system attempts to change coalesce settings using the ethtoolsetcoalesce function without verifying the availability of both the .getcoalesce and .setcoalesce callbacks,...
GSD-2022-1007108 bpf: Fix reference state management for synchronous callbacks
bpf: Fix reference state management for synchronous callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
GSD-2022-1006864 bpf: Fix reference state management for synchronous callbacks
bpf: Fix reference state management for synchronous callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-35856 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...
PT-2022-35351 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...
PT-2022-35363 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue concerns reference state management for synchronous callbacks in the bpf component. It was introduced in version v5.13 and fixed in version v5.15.75. The actual impact and attack...
PT-2022-35679 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...
PT-2022-35545 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow if callback functions are enabled via the WOLFSSLCALLBACKS flag. A malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. Note: WOLFSSLCALLBACKS is only intended fo...
DEBIAN-CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...
UBUNTU-CVE-2022-42905
In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...
PT-2022-6103 · Wolfssl +1 · Wolfssl +1
Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 5.5.2 Description: The issue is related to a buffer over-read vulnerability in the wolfSSL library. This can be triggered by a malicious TLS 1.3 client or network attacker when callback functions are enabled via the...
apinto-dashboard 输入验证错误漏洞
apinto-dashboard is a visual UI project open source by eolinker. apinto-dashboard there is an input validation error vulnerability , the vulnerability stems from some unknown processing of the login , the operation of the parameter callbacks lead to open redirection...
GSD-2022-1005600 soundwire: revisit driver bind/unbind and callbacks
soundwire: revisit driver bind/unbind and callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
GSD-2022-1005250 soundwire: revisit driver bind/unbind and callbacks
soundwire: revisit driver bind/unbind and callbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
CLSA-2022-1663184219 Fixed CVE-2022-2526 in systemd
CVE-2022-2526: use unref the DnsStream in callbacks correctly...