Plugins can be abused, custom FERC1155 Token can be abused

Lines of code Vulnerability details Impact HIGH - Assets can be stolen/compromised/lost directly. The creator of vault can add any functionality they want by plugins. Also they can bring any tokens for the vault. It can be used against users, or it will make exploits easier to execute. Proof of...

Buyout griefing can block almost all functionalities

Lines of code Vulnerability details Impact Everyone can start a Buyout for a vault by paying only 1 wei. For the next 4 days no other Buyout can start. If someone is fast enough, they can start another griefing buyout as soon as one finishes, meaning that it's possible to block the functionality ...

CVE-2022-34754

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C A9XELC10-A V1.7.5 and prior, Acti9 PowerTag Link C A9XELC10-B V2.12.0 and prior...

Privilege escalation

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C A9XELC10-A V1.7.5 and prior, Acti9 PowerTag Link C A9XELC10-B V2.12.0 and prior...

CVE-2022-34754

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C A9XELC10-A V1.7.5 and prior, Acti9 PowerTag Link C A9XELC10-B V2.12.0 and prior...

CVE-2017-20127

A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has...

[SECURITY] Fedora 36 Update: apptainer-1.0.2-2.fc36

Apptainer provides functionality to make portable containers that can be used across host environments...

CVE-2022-2262 Online Hotel Booking System Room edit_all_room.php sql injection

A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file editallroom.php of the component Room Handler. The manipulation of the argument id with the input...

CVE-2022-35412

Digital Guardian Agent 7.7.4.0042 allows an administrator who ordinarily does not have a supported way to uninstall the product to disable some of the agent functionality and then exfiltrate files to an external USB device...

Apple’s Lockdown Mode

Apple has introduced lockdown mode for high-risk users who are concerned about nation-state attacks. It trades reduced functionality for increased security in a very interesting way...

EUVD-2022-52756

Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi version...

CVE-2022-31125

CVE-2022-31125: Roxy-WI authentication bypass vulnerability allowing remote, unauthenticated access to admin functionality via a crafted HTTP request. Affected: Roxy-WI before 6.1.1.0. Exploitation exists (exploit-db/poC references). Remediation: upgrade to version 6.1.1.0 or later; exploit examp...

[SECURITY] Fedora 36 Update: mingw-wavpack-5.4.0-5.fc36

WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. Although the technology is loosely based on previous versions of WavPack, the new version 4 format has been designed from the ground up to offer unparalleled...

CVE-2022-28127

A data removal vulnerability exists in the webserver /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...

Using process creation properties to catch evasion techniques

We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques breaks some assumptions made by security products and enables...

Design/Logic Flaw

A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been...

Wire Cross-Site Scripting Vulnerability (CNVD-2022-65920)

Wire is a chat software from the German company Wire. The software supports Web, WindowsiOS, Android, and OS X platforms, has group functionality, can make voice calls, send photos, and its original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...

Use After Free

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev commit b5f1eacd and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2172-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2172-1 advisory. - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection...

Unable to access ADC GUI while CLI is accessible.

ADC GUI is inaccessible. Ping and CLI is working. /Var folder was normal. Internal services are UP. GUI is enabled for NSIPif not use command : set ns ip -gui enabled...