11198 matches found
Upgraded Q -> M from 357 [1664289665374]
Judge has assessed an item in Issue 357 as Medium risk. The relevant finding follows: ...
CVE-2022-38704
Summary (CVE-2022-38704): A CSRF vulnerability exists in the WordPress SEO Redirection plugin versions = 9.1 as a fix, or apply the provided workaround (restrict plugin settings access) where applicable. Monitor for updates from the listed advisories.
CVE-2022-38704 WordPress SEO Redirection plugin <= 8.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history...
ALPINE-CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
DEBIAN-CVE-2022-35252
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
AZL-11046 CVE-2022-35252 affecting package curl for versions less than 7.86.0-1
When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices allows a hacker to execute a spear-phishing attack and gain access to sensitive information, due to errors during the authentication process using Kerberos with NTLM.
The vulnerability of the Microsoft Endpoint Configuration Manager software for managing network devices is related to errors that occur during the authentication process using Kerberos and NTLM. Exploiting this vulnerability allows an attacker to execute a spear-phishing attack and gain access to...
Overflow in _baseVestedAmount() prevents claims to be retrieved
Vulnerability details. Impact: Rewards of high value will be unable to be withdrawn since claimableAmount will revert. Proof of Concept: In line 176, if we assume there's a claim of a token with 18 decimals and a vesting of 1 year, which is a realistic vesting period that can be observ...
The vulnerability of the cups-pk-helper-mechanism utility in the “EMIAS” operating system allows a perpetrator to cause a service failure or other effects due to insufficient memory.
The vulnerability of the cups-pk-helper-mechanism utility in the “EMIAS” operating system is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause service failures or other effects due to insufficient memory resources...
openSUSE: Security Advisory for go1.18 (SUSE-SU-2022:3325-1)
The remote host is missing an update for the...
SUSE-SU-2022:3325-1 Security update for go1.18
This update for go1.18 fixes the following issues: Update to go version 1.18.6 (bsc#1193742): - CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185)...
libdnf bug fix and enhancement update
An update is available for libdnf. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A library providing simplified C and Python API to the libsolv package...
ROS-20220920-01
The grub_script_function_create function of the Grub configuration file has a vulnerability due to a function override error while this function is already executed. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its...
PT-2022-4838 · Microsoft · Endpoint Configuration Manager
Name of the Vulnerable Software and Affected Versions: Microsoft Endpoint Configuration Manager (affected versions not specified). Description: The issue is related to errors in the authentication process using Kerberos with NTLM. Exploitation of this issue may allow a remote attacker to conduct a...
The vulnerability of Intel Microcode processors lies in initialization errors related to memory access, allowing attackers to gain access to confidential data.
The vulnerability of Intel Microcode processors lies in memory initialization errors. Exploiting this vulnerability allows an attacker to gain access to confidential data...
The vulnerability of the SCSI am53c974 adapter driver in the hardware emulation software QEMU allows a hacker to induce a service failure.
The vulnerability of the SCSI am53c974 adapter driver in the QEMU hardware emulation software is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to cause a system failure...
The vulnerability of the ioport hardware emulation software under QEMU, related to pointer swapping errors, allows a hacker to trigger a service failure.
The vulnerability of the ioport hardware emulation software under QEMU is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to trigger a service failure...
Rounding errors can lead to wrong voting power
Vulnerability details. Impact: The calculation of voting power in Crowdfund.getFinalContribution can lead to loss of voting power due to rounding errors. Tools Used: Manual audit...
The vulnerability of the Samba networking communication package, related to pointer arithmetic errors, allows a hacker to trigger a service failure.
The vulnerability of the Samba networking communication package is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to synchronization errors when using a common resource, allowing an attacker to disclose protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to synchronization errors when using a common resource. Exploiting these vulnerabilities can allow an attacker, operating remotely, to disclose sensitive information...