openSUSE: Security Advisory for rmt (SUSE-SU-2023:0020-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:0023-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc1205089 - Update the lastseenat column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc1204769 - CVE-2022-31254: Fixed a loca...

SUSE-SU-2023:0022-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc1205089 - Update the lastseenat column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc1204769 - CVE-2022-31254: Fixed a loca...

SUSE-SU-2023:0021-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc1205089 - Update the lastseenat column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc1204769 - CVE-2022-31254: Fixed a loca...

SUSE-SU-2023:0020-1 Security update for rmt-server

This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support bsc1205089 - Update the lastseenat column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode bsc1204769 - CVE-2022-31254: Fixed a loca...

Underlying With Non-Standard Decimals Not Supported

Lines of code Vulnerability details Impact Arithmetic operations are performed with the assumption that the token always has 18 decimals. Proof of Concept It would not be possible without using 18 decimal places of the base capital. Tools Used vscode Recommended Mitigation Steps Consider whether...

Upgraded Q -> M from 96 [1655008585673]

Judge has assessed an item in Issue 96 as Medium risk. The relevant finding follows: Impact - LOW PrePo protocol do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of...

SA-CONTRIB-2014-104 - Addressfield Tokens - Cross Site Scripting

The Addressfield Tokens module extends the Addressfield module by adding full token support. The module doesn't sufficiently filter malicious user input, opening a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)

The Webform Patched module is a fork of the Webform module with Token support added. The module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have...