GSD-2022-1007686 9p/trans_fd: always use O_NONBLOCK read/write
9p/trans_fd: always use O_NONBLOCK read/write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...
The Bug Report – November 2022 Edition
The Bug Report — November 2022 Edition. By Trellix · December 07, 2022. This blog was written by Austin Emmitt. Like granny always said, “never hack on an empty stomach.” Why am I here? This year I am thankful for some vivifying vulnerabilities and exceptional exploits! The world of enterprise...
FreeBSD : Python -- multiple vulnerabilities (050eba46-7638-11ed-820d-080027d3a315)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 050eba46-7638-11ed-820d-080027d3a315 advisory. - Python reports: gh-100001: python -m http.server no longer allows terminal control characters sent...
Actors, Threats and Vulnerabilities 28 November – 4 December 2022
...
CVE-2021-32875
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none...
omnia-raczynscy.pl Cross Site Scripting vulnerability OBB-3071621
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
jaguar-etype.nl Cross Site Scripting vulnerability OBB-3067160
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GLSA-202211-06 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202211-06 Mozilla Firefox: Multiple Vulnerabilities - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 - Service Workers should not be able to infer information about opaque...
User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload
The plugin does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example. The following Python script automates the exploitation of this plugin by uploading ...
Best of TaoSecurity Blog Kindle Edition Sale
I'm running a BlackFriday CyberMonday sale on my four newest Kindle format books. Volumes 1-4 of The Best of TaoSecurity Blog will be half off starting 9 pm PT Tuesday 22 Nov and ending 9 pm PT Tuesday 29 Nov. They are here. There also appears to be a daily deal right now for the paperback of Volu...
MariaDB 10.2.0 < 10.2.5 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.2.5 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: MyISAM. Supported versions that are affected are...
lsvpd bug fix and enhancement update
An update is available for lsvpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.1...
GSD-2022-1007354 drm/msm/hdmi: fix memory corruption with too many bridges
drm/msm/hdmi: fix memory corruption with too many bridges. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.223 by commit...
GSD-2022-1007284 drm/bridge: megachips: Fix a null pointer dereference bug
drm/bridge: megachips: Fix a null pointer dereference bug. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...
GSD-2022-1007103 Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
CVE-2022-28748
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to...
Use of abi.encodePacked on SizeSealed.computeMessage can cause auctions to never finalize
Lines of code Vulnerability details Impact The usage of abi.encodePacked on the SizeSealed.computeMessage function might cause an incorrect packing of baseAmount and the random salt for some specific combinations of bid/salt, which will cause SizeSealed.finalize to always revert with...
CVE-2022-39234
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Deleted/deactivated user could continue to use their account as long as its cookie is valid. This iss...
Khan Academy: xss due to incorrect handling of postmessages
Due to Insecure handling of create link tags a tags in a function called autolink found in 7Bmt.af733e428f9f986dfc96.js js e = n.autolinke, !0; const n = function const e = /\b?:?:https?://|www\d0,3.|a-z0-9.-+.a-z2,4/?:^\s&+|&|?:^\s|?:^\s+\+?:?:^\s|?:^\s+\|^\s!\;:'".,?«»“”‘’&/gi; return...
CVE-2022-42323
CVE-2022-42323 concerns Xenstore in the Xen hypervisor. The issue arises after the XSA-322 fix: any Xenstore node owned by a removed domain is reassigned to Dom0, enabling two cooperating guests to create an unbounded number of Xenstore nodes. This can exhaust Xenstore quota and lead to denial of...