6027 matches found
PT-2022-36767 · Git +1 · Fluent-Bit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 8 crash type. The crash state involves functions such as output thread, step callback, and flb task...
CVE-2022-3940
A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument filename leads to path traversal. The associated identifier of this vulnerability is VDB-213447...
ferry Path Traversal Vulnerability
ferry is a work order system by the individual developer lanyulei, built on Gin + Vue + Element UI with separated front end and back end. There is a path traversal vulnerability in ferry, which originates from some unknown functionality in the apis/process/task.go file and can be exploited by an attacker ...
PT-2022-24958 · Unknown · Lanyulei Ferry
Name of the Vulnerable Software and Affected Versions: lanyulei ferry (affected versions not specified). Description: A problematic issue was found in lanyulei ferry, affecting an unknown part of the file apis/process/task.go. The manipulation of the file name argument leads to path traversal...
CVE-2022-20441
In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not...
kernel: ath11k: Fix frames flush failure caused by deadlock
In the Linux kernel, the following vulnerability has been resolved: ath11k: Fix frames flush failure caused by deadlock We are seeing below warnings: kernel: 25393.301506 ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0 kernel: 25398.421509 ath11k_pci 0000:01:00.0: failed to flush mgm...
Apache DolphinScheduler Path Traversal Vulnerability (CNVD-2022-78865)
Apache DolphinScheduler, a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation, is vulnerable to a path traversal vulnerability in versions prior to Apache DolphinScheduler 3.0.0, which stems from a path traversal when a user adds a resource to the...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-39381 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-39381 Source advisory: OSV:GHSA-RCRX-FPJP-MFRW...
kernel: posix-cpu-timers: Cleanup CPU timers before freeing them during exec
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: Cleanup CPU timers before freeing them during exec Commit 55e8c8eb2c7b "posix-cpu-timers: Store a reference to a pid not a task" started looking up tasks by PID when deleting a CPU timer. When a non-leader threa...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-25892 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-25892 Source advisory: OSV:GHSA-9CV5-4WQV-9W94...
XSS Stored - Content of tasks is not sanitized
Description: If a user injects an XSS payload inside the content of a task, all users that visit the kanban will execute the corresponding XSS payload. Proof of Concept: Create XSS in task content. XSS is executed...
kernel: iavf: Fix reset error handling
A deadlock condition exists in the Linux kernel such that when calling iavf_close in iavf_reset_task error handling, doing so can lead to a double call of napi_disable, thereby leading to a denial of service due to the deadlock...
October 25, 2022—KB5018496 (OS Build 22621.755) Preview
October 25, 2022—KB5018496 (OS Build 22621.755) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note: Follow @WindowsUpdate to...
October 25, 2022—KB5018483 (OS Build 22000.1165) Preview
October 25, 2022—KB5018483 (OS Build 22000.1165) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to...
Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update
Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threa...
PT-2022-7023 · Python +6 · Python +6
Name of the Vulnerable Software and Affected Versions: Python versions through 3.9.1; Python version 3.12.0b1. Description: The issue is related to the hmac.compare_digest function in the Lib/hmac.py module, where constant-time-defeating optimisations were possible in the accumulator variable. This...
PT-2022-05: Stored Cross-Site Scripting (XSS)
Input validation was missing while creating the schedule task in alarm reports dashboard. An attacker can create a script to inject XSS. The attack can only be performed by an internal user. The vulnerability is fixed in NetAct 22 FP2211 and onwards. Advisory status 10.10.2022 - Vendor gets...
GSD-2022-1006490 mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0 by commit...
Denial of Service (DoS)
Overview: fat_free_crm is a customer relationship management platform. Affected versions of this package are vulnerable to Denial of Service (DoS) in the find_all_grouped function in models/polymorphic/task.rb, by users with bucket access. Details: Denial of Service (DoS) describes a family of attacks, all...
PT-2022-34790 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.12. Description: The issue is related to the slub component in the Linux Kernel, specifically with the flush_cpu_slab() and __free_slab() functions being invoked in a task context. The actual impact and attack...