3365 matches found

Positive Technologies · added 2022/08/11 12:0 a.m. · 2 views

PT-2022-14498 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In Keyguard, there is a missing permission check. This could lead to local escalation of privilege and prevention of screen timeout with User execution privileges needed. User interaction is not needed...

CVSS 7.8 · AI score 7.8 · EPSS 0.00091
Exploits 0 · References 3
0day.today · added 2022/08/09 12:0 a.m. · 447 views

Prestashop blockwishlist module 2.1.0 - SQL injection Exploit

Exploit Title: Prestashop blockwishlist module 2.1.0 - SQLi Date: 29/07/22 Exploit Author: Karthik UJ @5up3r541y4n Vendor Homepage: https://www.prestashop.com/en Software Link blockwishlist: https://github.com/PrestaShop/blockwishlist/releases/tag/v2.1.0 Software Link prestashop:...

CVSS 8.8 · AI score 8.6 · EPSS 0.24146
Exploits 6
Citrix · added 2022/08/05 12:0 a.m. · 6 views

Server communication timeout error while accessing the vdisk pool after upgrade to 1912 CU5

'Server communication timeout' error while accessing the vdisk pool node in the Citrix Provisioning (PVS) console after upgrade to 1912 CU5. There were no issues with the other nodes in the PVS Console...

AI score 7.1
Exploits 0
Citrix · added 2022/07/26 12:0 a.m. · 7 views

What is the Citrix ADC TCP retransmit timeout (RTO) value?

You may need to know the Citrix ADC TCP retransmit timeout (RTO) when troubleshooting retransmission issues...

AI score 7.1
Exploits 0
OSV · added 2022/07/24 12:1 a.m. · 8 views

OSV-2022-616 Timeout in JsonFuzzer

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49401 Crash type: Timeout Crash state: JsonFuzzer...

AI score 7.2
Exploits 0 · References 1
Positive Technologies · added 2022/07/15 12:0 a.m. · 2 views

PT-2022-10741 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow versions prior to 2.2.15 Final Description: A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

CVSS 7.5 · AI score 7.2 · EPSS 0.01287
Exploits 0 · References 19
Github Security Blog · added 2022/07/12 10:15 p.m. · 34 views

Valinor error messages leading to potential data exfiltration before v0.12.0

php: ->registerConstructor(Money::class, 'fromString')->mapper(); try { var_dump($mapper->map(Foo::class, ['a' => 'HAHA', 'b' => '100 EUR', 'c' => 'USD 100'])); } catch (MappingError $e) { $messages = new NodeTraverser(function (Node $node) { foreach ($node->messages() as $message) { var_dump('$message', $message->path(), $message->body()); ...

CVSS 9.1 · AI score 9.1 · EPSS 0.01197
Exploits 1 · References 4 · Affected Software 1
RedHat Linux · added 2022/07/07 2:19 p.m. · 0 views

undertow: client side invocation timeout raised when calling over HTTP2

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks...

CVSS 7.5 · AI score 5.7 · EPSS 0.01287
Exploits 0 · References 4
OSV · added 2022/07/01 8:18 p.m. · 16 views

GO-2022-0233 Resource exhaustion in github.com/pires/go-proxyproto

The PROXY protocol server does not impose a timeout on reading the header from new connections, allowing a malicious client to cause resource exhaustion and a denial of service by opening many connections and sending no data on them. v0.6.0 of the proxyproto package adds support for a user-define...

CVSS 7.5 · AI score 7.3 · EPSS 0.01648
Exploits 0 · References 3
OSV · added 2022/06/29 11:3 a.m. · 3 views

OESA-2022-1730 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: NFC: netlink: fix sleep in atomic bug when firmware download timeout (CVE-2022-1975). In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalati...

CVSS 6.7 · AI score 5.5 · EPSS 0.00298
Exploits 0 · References 4
NVD · added 2022/06/27 10:15 p.m. · 28 views

CVE-2022-31093

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVSS 7.5 · EPSS 0.01571
Exploits 0 · References 4
Prion · added 2022/06/27 10:15 p.m. · 20 views

Design/Logic Flaw

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVSS 5 · AI score 7.6 · EPSS 0.01571
Exploits 0 · References 4 · Affected Software 1
Vulnrichment · added 2022/06/27 9:30 p.m. · 4 views

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVSS 7.5 · AI score 7.6 · EPSS 0.01571
Exploits 0 · References 4
CNNVD · added 2022/06/27 12:0 a.m. · 3 views

ZEIT Next.js code issue vulnerability

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. NextAuth.js is the authentication for Next.js. A code issue vulnerability exists in Next.js NextAuth.js versions prior to 3.29.5 and prior to 4.5.0 that stems from a lack of validati...

CVSS 7.5 · AI score 7.4 · EPSS 0.01571
Exploits 0 · References 5
IBM Security Bulletins · added 2022/06/17 1:52 p.m. · 42 views

Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)

Summary IBM Cúram Social Program Management is affected by session timeout issues. For these vulnerabilities some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details...

CVSS 9.8 · AI score 1.7 · EPSS 0.00475
Exploits 0 · Affected Software 1
OSV · added 2022/06/15 1:15 p.m. · 3 views

CVE-2022-20133

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 7.8 · AI score 7.2 · EPSS 0.00144
Exploits 0 · References 1
Prion · added 2022/06/15 1:15 p.m. · 11 views

Design/Logic Flaw

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 7.2 · AI score 7.7 · EPSS 0.00144
Exploits 0 · References 1 · Affected Software 1
Positive Technologies · added 2022/06/15 12:0 a.m. · 4 views

PT-2022-14372 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-12L Description: The issue is related to a missing permission check in the setDiscoverableTimeout function of AdapterService.java. This could lead to a bypass of user interaction, resulting in local...

CVSS 7.8 · AI score 7.4 · EPSS 0.00144
Exploits 0 · References 3
NVD · added 2022/06/14 10:15 a.m. · 15 views

CVE-2021-35094

Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

CVSS 7.8 · EPSS 0.00152
Exploits 0 · References 1
Prion · added 2022/06/14 10:15 a.m. · 20 views

Design/Logic Flaw

Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

CVSS 7.2 · AI score 7.8 · EPSS 0.00152
Exploits 0 · References 1