8964 matches found

Positive Technologies
added 2022/12/19 12:0 a.m. · 5 views

PT-2022-25302 · WordPress · Registration Forms

Name of the Vulnerable Software and Affected Versions: Registration Forms WordPress plugin versions prior to 3.8.1.3 Description: The issue allows unauthenticated attackers to delete arbitrary users, along with their posts, due to a lack of authorisation and CSRF protection when deleting users vi...

CVSS 6.5 · AI score 6.6 · EPSS 0.00321
Exploits 2 · References 6

Microsoft CVE
added 2022/12/17 8:0 a.m. · 1 view

An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.

...

CVSS 5.5 · AI score 7.3 · EPSS 0.00043
Exploits 0

Microsoft CVE
added 2022/12/17 8:0 a.m. · 1 view

An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY which is registered in wm8350_init_charger().

...

CVSS 5.5 · AI score 7 · EPSS 0.00107
Exploits 0

Code423n4
added 2022/12/16 12:0 a.m. · 6 views

Delayed contests might be rugpulled by admin

Lines of code Vulnerability details In order to guarantee the raffle NFT will not be stuck in the contract, there’s a last resort option which allows the admin to reclaim the NFT from the contract. However, the timestamp as from which this action can take place, is calculated based on when the...

AI score 6.7
Exploits 0

Code423n4
added 2022/12/16 12:0 a.m. · 10 views

Functions of Trading contract can be reentered by Position.sol#mint

Lines of code Vulnerability details Impact Both the contracts of Position and Trading may not work correctly. Proof of Concept The Position.sol#mint calls safeMint, which will trigger a checkOnERC721Received callback, which can be used to reenter. Crackers can use this vulnerability to attack the protoco...

AI score 6.7
Exploits 0

Positive Technologies
added 2022/12/16 12:0 a.m. · 3 views

PT-2022-27572 · WordPress · Wp Shamsi

Name of the Vulnerable Software and Affected Versions: WP Shamsi plugin for WordPress versions up to, and including, 4.1.0 Description: The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init. This makes...

CVSS 6.5 · AI score 5.3 · EPSS 0.00733
Exploits 0 · References 7

Positive Technologies
added 2022/12/13 12:0 a.m. · 4 views

PT-2022-6664 · Tp Link · Tp-Link Tapo C200

Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C200 camera version 1.1.22 Build 220725 Description: The issue is related to the implementation of the AES encryption algorithm in the TP-Link Tapo C200 camera, which involves the reuse of the AES Key-IV pair across all cameras...

CVSS 4.6 · AI score 6.7 · EPSS 0.002
Exploits 1 · References 7

OpenVAS
added 2022/12/13 12:0 a.m. · 22 views

Ubuntu: Security Advisory (USN-5773-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 7.3 · EPSS 0.0088
Exploits 3 · References 2

Code423n4
added 2022/12/12 12:0 a.m. · 12 views

Owner can rug PrePOMarket using re-initialized finalLongPayout.

Lines of code Vulnerability details Description In PrePOMarket.sol, the finalLongPayout represents the finalized value of a single long token in the market. It is settled post ICO / IPO according to predetermined rules. The issue is that this value may be re-initialized as many times as owner...

AI score 6.5
Exploits 0

BDU FSTEC
added 2022/12/12 12:0 a.m. · 1 view

The vulnerability of the Fortinet FortiClient for Windows installer allows a hacker to increase their privileges.

The vulnerability of the Fortinet FortiClient for Windows installer is related to initialization errors. Exploiting this vulnerability can allow an attacker to gain increased privileges...

CVSS 8.2 · EPSS 0.00113
Exploits 0 · References 5 · Affected Software 1

Code423n4
added 2022/12/09 12:0 a.m. · 16 views

[NAZ-H2] Update Initializer Modifier To Prevent Reentrancy During Initialization

Lines of code Vulnerability details Impact Currently the project uses both : "@openzeppelin/contracts": "4.2.0", "@openzeppelin/contracts-upgradeable": "4.2.0". This dependency has a known high severity vulnerability Deserialization of Untrusted Data Proof of Concept Because of the Deserializatio...

AI score 6.7
Exploits 0

OSV
added 2022/12/08 3:11 a.m. · 5 views

GSD-2022-1008160 can: j1939: j1939_send_one(): fix missing CAN header initialization

can: j1939: j1939_send_one(): fix missing CAN header initialization This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.225 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/12/08 3:3 a.m. · 9 views

GSD-2022-1008083 Bluetooth: L2CAP: Fix attempting to access uninitialized memory

Bluetooth: L2CAP: Fix attempting to access uninitialized memory This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.154 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/12/08 2:47 a.m. · 8 views

GSD-2022-1007933 can: j1939: j1939_send_one(): fix missing CAN header initialization

can: j1939: j1939_send_one(): fix missing CAN header initialization This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.79 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/12/08 2:46 a.m. · 5 views

GSD-2022-1007923 btrfs: zoned: initialize device's zone info for seeding

btrfs: zoned: initialize device's zone info for seeding This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.79 by commit...

AI score 7.2
Exploits 0

OSV
added 2022/12/08 2:32 a.m. · 13 views

GSD-2022-1007771 can: j1939: j1939_send_one(): fix missing CAN header initialization

can: j1939: j1939_send_one(): fix missing CAN header initialization This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit...

AI score 7.2
Exploits 0

OpenVAS
added 2022/12/08 12:0 a.m. · 10 views

WordPress Popular Posts Plugin < 6.1.0 Improper Initialization Vulnerability

The WordPress plugin...

CVSS 7.5 · AI score 7.6 · EPSS 0.00551
Exploits 0 · References 2

Positive Technologies
added 2022/12/08 12:0 a.m. · 2 views

PT-2022-36008 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.9 Description: The issue is related to the initialization of device zone info for seeding in btrfs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...

AI score 7.2
Exploits 0 · References 1

OSV
added 2022/12/07 4:15 a.m. · 10 views

CVE-2022-43468

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...

CVSS 7.5 · AI score 6.8
Exploits 0 · References 3

Prion
added 2022/12/07 4:15 a.m. · 19 views

Xxe

External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulate...

CVSS 5 · AI score 7.4 · EPSS 0.00551
Exploits 0 · References 3 · Affected Software 1