
7877 matches found

OSV
added 2022/06/28 6:36 p.m., 8 views

GSD-2022-1003005 um: Fix out-of-bounds read in LDT setup

um: Fix out-of-bounds read in LDT setup. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

7.1 AI score
Exploits: 0
OSV
added 2022/06/28 6:6 p.m., 6 views

GSD-2022-1002654 um: Fix out-of-bounds read in LDT setup

um: Fix out-of-bounds read in LDT setup. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

7.1 AI score
Exploits: 0
Rockylinux
added 2022/06/28 8:43 a.m., 11 views

gnome-initial-setup bug fix and enhancement update

An update is available for gnome-initial-setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-initial-setup packages provide the Initial Setup...

1.5 AI score
Exploits: 0
Rockylinux
added 2022/06/28 8:39 a.m., 8 views

gnome-control-center bug fix and enhancement update

An update is available for gnome-control-center. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnome-control-center package contains configuration utilitie...

0.9 AI score
Exploits: 0
ATTACKERKB
added 2022/06/27 9:15 a.m., 2 views

CVE-2022-1971

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS, 5.8 AI score, 0.00493 EPSS
Exploits: 2, References: 2
ATTACKERKB
added 2022/06/27 9:15 a.m., 4 views

CVE-2022-1010

The Login using WordPress Users WP as SAML IDP WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in...

4.8 CVSS, 5.5 AI score, 0.00559 EPSS
Exploits: 2, References: 2
NVD
added 2022/06/27 9:15 a.m., 9 views

CVE-2022-1095

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

4.8 CVSS, 0.00493 EPSS
Exploits: 2, References: 1
NVD
added 2022/06/27 9:15 a.m., 14 views

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed, for example ...

4.8 CVSS, 0.0049 EPSS
Exploits: 2, References: 1
ATTACKERKB
added 2022/06/27 9:15 a.m., 6 views

CVE-2022-1113

The Flower Delivery by Florist One WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setups...

4.8 CVSS, 5.5 AI score, 0.00493 EPSS
Exploits: 2, References: 2
Prion
added 2022/06/27 9:15 a.m., 19 views

Cross site scripting

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed, for example ...

3.5 CVSS, 4.9 AI score, 0.0049 EPSS
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2022/06/27 9:15 a.m., 15 views

Cross site scripting

The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed, for example in multisite setup...

3.5 CVSS, 4.9 AI score, 0.0049 EPSS
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2022/06/27 8:56 a.m., 38 views

CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed, for example in multisite...

5.2 AI score, 0.00758 EPSS
Exploits: 2, References: 1
ATTACKERKB
added 2022/06/27 1:15 a.m., 2 views

CVE-2022-33202

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative path...

8.1 CVSS, 5.8 AI score, 0.00379 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2022/06/27 1:15 a.m., 3 views

CVE-2022-33202

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative path...

8.1 CVSS, 5.8 AI score, 0.00379 EPSS
Exploits: 0, References: 2
Prion
added 2022/06/27 1:15 a.m., 15 views

Authentication flaw

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative path...

4.8 CVSS, 7.9 AI score, 0.00379 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/06/27 12:20 a.m., 26 views

CVE-2022-33202

Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative path...

8.2 AI score, 0.00379 EPSS
Exploits: 0, References: 2
WPVulnDB
added 2022/06/27 12:0 a.m., 21 views

Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: Put the following payload in the "Ignored Download...

4.8 CVSS, 1.4 AI score, 0.00575 EPSS
Exploits: 2, References: 1, Affected Software: 1
Positive Technologies
added 2022/06/27 12:0 a.m., 5 views

PT-2022-13602

Name of the Vulnerable Software and Affected Versions: Limit Login Attempts WordPress plugin versions prior to 4.0.72. Description: The issue allows malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered html is...

4.8 CVSS, 6.1 AI score, 0.00758 EPSS
Exploits: 2, References: 4
BDU FSTEC
added 2022/06/23 12:0 a.m., 5 views

The vulnerability of the Intel Setup and Configuration Software (SCS) data collection tool, as well as the configuration tools for the Intel Management Engine BIOS Extension and the Intel Active Management Technology implementation, related to insufficient protection of registration data, allows a perpetrator to disclose protected information.

The vulnerability of the Intel Setup and Configuration Software (SCS) data collection tool, as well as the configuration tools for the Intel Management Engine BIOS Extension and the Intel Active Management Technology implementation, is related to insufficient protection of registration data...

7.6 CVSS, 5.5 AI score, 0.00247 EPSS
Exploits: 0, References: 2, Affected Software: 12
OSV
added 2022/06/20 9:9 p.m., 9 views

MAL-2022-7353 Malicious code in ykeykey-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 234eec78ac053b64b3e9a940d19743115698ac232ac124fafc4c843ba553b645 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1