6674 matches found

OSV
added 2022/09/12 2:1 p.m. · 7 views

OPENSUSE-SU-2022:10118-1 Security update for opera

This update for opera fixes the following issues: Update to 90.0.4480.84 - DNA-101690 Cherry-pick fix for CVE-2022-3075 from chromium Update to 90.0.4480.80 - DNA-99188 Tab Tooltip doesn't disappear - DNA-100664 Shopping corner widget - DNA-100843 Options to install and update VPN Pro app, when...

CVSS 9.6 · AI score 9.6 · EPSS 0.0212
Exploits 0 · References 2

Code423n4
added 2022/09/12 12:0 a.m. · 8 views

Can not Claim the second time per Spec requirement

Lines of code Vulnerability details Impact Reading the spec, MerkleReedeemerSpec "The user can claim a configurable amount of each ctoken, or all of them if possible" means, the claim amount can be called multiple times. Meanwhile, in RariMerkleRedeemer.sol, inside the claim function, it requires...

AI score 7
Exploits 0

Huntr
added 2022/09/11 12:43 p.m. · 23 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept Steps to reproduce: 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively ...

AI score 0.7
Exploits 0 · References 1

Metasploit
added 2022/09/08 7:49 p.m. · 32 views

Windows shellcode stage, Hidden Bind TCP Stager

Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/windows/custom/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf payloadbindhiddentcp set ACTION msf payloadbindhiddentcp show optio...

AI score 7.2
Exploits 0

OSV
added 2022/09/08 7:29 a.m. · 4 views

SUSE-SU-2022:3172-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja = and = 23.0.0 bsc1201082 - Add support for name, pkgs and diffattr parameters to upgrade function for zypper and yum bsc1198489 - Fix possible errors on...

CVSS 8.8 · AI score 8.6 · EPSS 0.00504
Exploits 0 · References 9

CNVD
added 2022/09/07 12:0 a.m. · 18 views

Huawei HarmonyOS WLAN module licensing issue vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS has an authorization issue vulnerability that stems from insufficient checksum of WLAN module privileges, which could be exploited by an attacker to cau...

CVSS 9.8 · AI score 3.2 · EPSS 0.002
Exploits 0 · References 1

ATTACKERKB
added 2022/09/06 6:15 p.m. · 3 views

CVE-2022-3026

The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that...

CVSS 8.8 · AI score 7.7 · EPSS 0.01108
Exploits 1 · References 4

Positive Technologies
added 2022/09/06 12:0 a.m. · 3 views

PT-2022-4704 · Cognex · Cognex 3D-A1000 Dimensioning System

Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to improper output neutralization for logs, which can be exploited by a remote attacker to create arbitrary log files. This can lead to the...

CVSS 5.3 · AI score 5.3 · EPSS 0.00169
Exploits 0 · References 4

Japan Vulnerability Notes
added 2022/09/02 9:8 a.m. · 2 views

Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series

Overview FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-36158 Use of Hard-coded Credentials CWE-798 - CVE-2022-36159 Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these...

CVSS 8.8 · AI score 7.5 · EPSS 0.00495
Exploits 2 · References 10

Prion
added 2022/09/01 9:15 p.m. · 27 views

Cross site scripting

A Stored Cross-site scripting XSS vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...

CVSS 4.7 · AI score 5.7 · EPSS 0.00882
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2022/09/01 12:0 a.m. · 2 views

PT-2022-15528 · Red Hat · Keycloak +1

Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On 7 Keycloak versions prior to 18.0.1 Description: A Stored Cross-site scripting XSS vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious...

CVSS 5.4 · AI score 4.1 · EPSS 0.00882
Exploits 0 · References 9

Prion
added 2022/08/31 4:15 p.m. · 17 views

Authentication flaw

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

CVSS 6.4 · AI score 9.2 · EPSS 0.00302
Exploits 0 · References 2 · Affected Software 1

Prion
added 2022/08/31 4:15 p.m. · 15 views

Null pointer dereference

A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system...

CVSS 1 · AI score 5.3 · EPSS 0.00117
Exploits 1 · References 5 · Affected Software 1

CVE
added 2022/08/31 3:22 p.m. · 68 views

CVE-2022-30317

Summary (CVE-2022-30317, Honeywell Experion LX) : The vulnerability arises from the EpicMo protocol (55565/TCP) used by the Honeywell Experion LX DCS for device diagnostics/maintenance, which exposes unauthenticated functionality. Affected products include Experion LX up to 2022-05-06. The issue ...

CVSS 9.1 · AI score 9.3 · EPSS 0.00302
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/08/29 3:15 p.m. · 1 views

DEBIAN-CVE-2022-2961

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rosebind function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7 · AI score 6.6 · EPSS 0.00027
Exploits 0 · References 1

NVD
added 2022/08/25 11:15 p.m. · 7 views

CVE-2022-36115

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An...

CVSS 7.1 · EPSS 0.00625
Exploits 0 · References 3

Huntr
added 2022/08/25 9:58 p.m. · 20 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively we can see the...

CVSS 5 · AI score 5.2 · EPSS 0.00283
Exploits 0 · References 1

Veracode
added 2022/08/25 6:39 a.m. · 23 views

Cross-Site Request Forgery

getkirby/kirby is vulnerable to cross-site request forgery. The vulnerability exists because delete page functionality is not properly handled which allows a remote attacker to inject and execute malicious script into the system...

CVSS 4.3 · AI score 3.2 · EPSS 0.00164
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2022/08/25 12:0 a.m. · 2 views

PT-2025-25887

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel's bpf Berkeley Packet Filter functionality. It involves the propagation of precision markers for certain types of arguments, which is necessary f...

CVSS 7.7 · AI score 6.4 · EPSS 0.00071
Exploits 0 · References 30

OSV
added 2022/08/23 4:15 p.m. · 7 views

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

CVSS 5.5 · AI score 7.2 · EPSS 0.00019
Exploits 0 · References 4