2563 matches found
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-206)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-206 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists due to memory corruption, which allows an attacker to inject and execute malicious code on the system...
USN-5702-1 curl vulnerabilities
Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. CVE-2022-32221 Hiroki Kurosawa discovered that curl incorrectly handled parsin...
Information Disclosure
Batik bridge is vulnerable to information disclosure. The vulnerability exists in the function of DefaultScriptSecurity because the jars get loaded by default, which allows an attacker to execute arbitrary code on the system...
Information Disclosure
batik-script is vulnerable to information disclosure. The vulnerability is due to the visibleToScripts function in RhinoClassShutter.java not restricting access to batik internals from script, which allows an attacker to execute arbitrary code...
WordPress WIP Custom Login plugin <= 1.2.7 - Multiple Broken Access Control vulnerabilities
Multiple Broken Access Control vulnerabilities were discovered by Lana Codes (Patchstack Alliance) in the WordPress WIP Custom Login plugin versions <= 1.2.7. Solution: Update the WordPress WIP Custom Login plugin to the latest available version (at least 1.2.8)...
Stack-based Buffer Overflow
libksba is vulnerable to stack-based buffer overflow. The vulnerability exists due to an overflow directly in the TLV parser, which allows an attacker to execute remote code...
Amazon Linux 2022 : curl, curl-minimal, libcurl (ALAS2022-2022-145)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-145 advisory. A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This fl...
CVE-2022-2891
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. The vulnerability exists due to use after free in logging, which allows an attacker to inject and execute malicious code into the system...
CVE-2022-2891 WP 2FA < 2.3.0 - Time-Based Side-Channel Attack
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...
CVE-2022-2891
The CVE-2022-2891 entry documents a time-based side-channel attack in the WP 2FA WordPress plugin prior to version 2.3.0. The vulnerability arises from comparison operators that do not mitigate timing differences, potentially leaking information about authentication codes during comparison. Affec...
WordPress Official Integration for Billingo plugin <= 3.3.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Official Integration for Billingo plugin versions <= 3.3.9. Solution: Update the WordPress Official Integration for Billingo plugin to the latest available version (at least 3.4.0)...
ROS-20221007-21
The cURL command line utility vulnerability is related to how cookies with control codes (byte values less than 32) are handled. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote user...
Remote Code Execution
moodle/moodle is vulnerable to remote code execution. The vulnerability exists in the convertconfigdata function of lib.php when restoring backup files, which allows an attacker to execute remote code on the system...
When curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes that, when later sent back to an HTTP server, might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings.
...
Add Client function is vulnerable to stored HTML injection
Description: HTML Injection, also termed “virtual defacements”, is one of the simplest and most common vulnerabilities that arises when the web page fails to sanitize the user-supplied input or validate the output, which thus allows the attacker to craft his payloads and injects the malicio...
WordPress miniOrange Discord Integration plugin <= 2.1.5 - Authenticated App Disabling vulnerability
Authenticated App Disabling vulnerability discovered by Lana Codes in WordPress miniOrange Discord Integration plugin versions <= 2.1.5. Solution: Update the WordPress miniOrange Discord Integration plugin to the latest available version (at least 2.1.6)...