707 matches found

Microsoft KB
added 2022/09/13 7:0 a.m. | 198 views

September 13, 2022—KB5017377 (Security-only update)

September 13, 2022—KB5017377 Security-only update. Summary: Learn more about this security-only update, including improvements, any known issues, and how to get the update. IMPORTANT: Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020,...

CVSS 9.8 | AI score 7.6 | EPSS 0.85646
Exploits: 13

ATTACKERKB
added 2022/08/29 5:15 a.m. | 2 views

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

CVSS 5.5 | AI score 5.3 | EPSS 0.0019
Exploits: 0 | References: 2

OSV
added 2022/08/29 5:15 a.m. | 3 views

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

CVSS 5.5 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 1

NVD
added 2022/08/29 5:15 a.m. | 32 views

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

CVSS 5.5 | EPSS 0.0019
Exploits: 0 | References: 1

Cvelist
added 2022/08/29 4:53 a.m. | 26 views

CVE-2022-25641

Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack...

AI score 6.4 | EPSS 0.0019
Exploits: 0 | References: 1

CVE
added 2022/08/29 4:53 a.m. | 276 views

CVE-2022-25641

Affected software: Foxit PDF Reader < 11.2.2, Foxit PDF Editor < 11.2.2, and PhantomPDF

CVSS 5.5 | AI score 6 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 3

Rockylinux
added 2022/08/23 11:5 a.m. | 11 views

tzdata bug fix and enhancement update

An update is available for tzdata. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The tzdata packages contain data files with rules for various time zones. The...

AI score 1.3
Exploits: 0

CNNVD
added 2022/08/08 12:0 a.m. | 4 views

WordPress Plugin YaySMTPr Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.4 | AI score 5.4 | EPSS 0.00495
Exploits: 2 | References: 2

OSV
added 2022/06/27 8:0 a.m. | 4 views

CURL-CVE-2022-32207 Non-preserved file permissions

When curl saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target filename. In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated...

CVSS 9.8 | AI score 9.2 | EPSS 0.05481
Exploits: 1

Code423n4
added 2022/06/24 12:0 a.m. | 12 views

Buyer can initiateBuyout by sending less value than current valuation

Lines of code Vulnerability details Impact Intuitively, a buyer calling initiateBuyout should be sending a msg.value greater than or equal to current valuation. However, they can actually send less than this amount and still initiate the buyout. On line 404 we have requirebuyoutBid =...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2022/06/21 12:0 a.m. | 175 views

Foxit PhantomPDF < 10.1.8 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 10.1.8. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash...

CVSS 7.8 | AI score 4.9 | EPSS 0.0412
Exploits: 1 | References: 18

OpenVAS
added 2022/06/03 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2022:1920-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.7 | EPSS 0.01055
Exploits: 0 | References: 4

OSV
added 2022/05/24 7:12 p.m. | 3 views

GHSA-GVFX-9M9V-H839 Magento is affected by an improper input validation vulnerability while saving a customer's details

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. An authenticated attacker with admin privileges can leverage this vulnerability to...

CVSS 9.1 | AI score 7.8 | EPSS 0.02807
Exploits: 0 | References: 3

BDU FSTEC
added 2022/05/12 12:0 a.m. | 5 views

The vulnerability of the HSTS mechanism in Firefox browsers for Android allows attackers to compromise data integrity.

The vulnerability of the HSTS mechanism in Firefox browsers for Android is related to errors in saving HSTS settings. Exploiting this vulnerability can allow a remote attacker to compromise data integrity...

CVSS 7.8 | AI score 5.5
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2022/05/09 12:0 a.m. | 80 views

Foxit PDF Reader < 11.2.2 Multiple Vulnerabilities

According to its version, the Foxit PDF Reader application (previously named Foxit Reader) installed on the remote Windows host is prior to 11.2.2. It is, therefore, affected by multiple vulnerabilities: - Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash...

CVSS 7.8 | AI score 6 | EPSS 0.0412
Exploits: 1 | References: 18

ATTACKERKB
added 2022/05/04 2:0 p.m. | 3 views

CVE-2022-29263

On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component...

CVSS 7.8 | AI score 5.9 | EPSS 0.002
Exploits: 0 | References: 2 | Affected Software: 2

AlmaLinux
added 2022/03/23 11:9 a.m. | 19 views

tzdata bug fix and enhancement update

The tzdata packages contain data files with rules for various time zones. The tzdata packages have been updated to version 2022a, which addresses recent time zone changes. Notably: In Palestine the daylight saving time (DST) starts on March 27, 2022, not on March 26. The zdump -v command now output...

AI score 7.2
Exploits: 0 | References: 1

OSV
added 2022/03/23 11:9 a.m. | 8 views

ALBA-2022:1032 tzdata bug fix and enhancement update

The tzdata packages contain data files with rules for various time zones. The tzdata packages have been updated to version 2022a, which addresses recent time zone changes. Notably: In Palestine the daylight saving time (DST) starts on March 27, 2022, not on March 26. The zdump -v command now output...

AI score 7.4
Exploits: 0 | References: 1

Code423n4
added 2022/03/03 12:0 a.m. | 7 views

DepositBoxERC20 does not support fee-on-transfer token

Lines of code Vulnerability details Impact The transferred amount is saved without checking the actual amount of token received after the transfer. Proof of Concept saveTransferredAmountschainHash, erc20OnMainnet, amount; require ERC20Upgradeableerc20OnMainnet.transferFrom msg.sender, addressthis,...

AI score 7
Exploits: 0

CNNVD
added 2022/02/07 12:0 a.m. | 4 views

WordPress Plugin WPLegalPages Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 5.4 | AI score 5.6 | EPSS 0.00591
Exploits: 2 | References: 2