2754 matches found

Positive Technologies · added 2022/09/01 12:00 a.m. · 6 views

PT-2022-23541 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus version 3.6.2 Description: The issue allows for an arbitrary file download via the "background file download API". Recommendations: For Novel-Plus version 3.6.2, consider restricting access to the background file download API until...

CVSS 7.5 · AI score 7.6 · EPSS 0.00379
Exploits 1 · References 3
Vulnrichment · added 2022/08/31 3:10 p.m. · 5 views

CVE-2022-36045 Account takeover via cryptographically weak PRNG in NodeBB Forum

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

CVSS 9 · AI score 9.5 · EPSS 0.01014
Exploits 0 · References 3
NVD · added 2022/08/29 6:15 p.m. · 43 views

CVE-2022-36037

kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.9 · EPSS 0.00669
Exploits 0 · References 3
Prion · added 2022/08/29 6:15 p.m. · 15 views

Cross site scripting

kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.5 · AI score 5.5 · EPSS 0.00669
Exploits 0 · References 3 · Affected Software 1
OSV · added 2022/08/29 5:35 p.m. · 47 views

CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby

kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

CVSS 5.9 · AI score 5.6 · EPSS 0.00669
Exploits 0 · References 5
Positive Technologies · added 2022/08/28 12:00 a.m. · 2 views

PT-2022-23479 · Sinsiu · Sinsiu Enterprise Website System

Name of the Vulnerable Software and Affected Versions: Sinsiu Sinsiu Enterprise Website System version 1.1.1.0 Description: The issue is related to a remote code execution RCE vulnerability. It can be exploited via the component /upload/admin.php?/deal/. Recommendations: For Sinsiu Sinsiu...

CVSS 9.8 · AI score 9.6 · EPSS 0.21144
Exploits 1 · References 3
Positive Technologies · added 2022/08/25 12:00 a.m. · 4 views

PT-2022-23398 · H3C · H3C B5 Mini

Name of the Vulnerable Software and Affected Versions: H3C B5 Mini version B5MiniV100R005 Description: A stack overflow issue was discovered via the function AddMacList. This issue affects the H3C B5 Mini device. Recommendations: For H3C B5 Mini version B5MiniV100R005, consider disabling the...

CVSS 7.8 · AI score 7.8 · EPSS 0.00349
Exploits 1 · References 3
Positive Technologies · added 2022/08/25 12:00 a.m. · 3 views

PT-2022-23427 · H3C · H3C Magic Nx18 Plus

Name of the Vulnerable Software and Affected Versions: H3C Magic NX18 Plus version NX18PV100R003 Description: A stack overflow issue was discovered via the function EDitusergroup. Recommendations: For H3C Magic NX18 Plus version NX18PV100R003, as a temporary workaround, consider disabling the...

CVSS 7.8 · AI score 7.8 · EPSS 0.00763
Exploits 1 · References 3
Positive Technologies · added 2022/08/25 12:00 a.m. · 3 views

PT-2022-24096 · Tenda · Tenda Ax1803

Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: A stack overflow issue was discovered via the list parameter at the formSetQosBand function. Recommendations: For Tenda AX1803 version 1.0.0.1, consider restricting access to the formSetQosBand functi...

CVSS 7.8 · AI score 7.6 · EPSS 0.00327
Exploits 1 · References 3
Prion · added 2022/08/19 9:15 p.m. · 15 views

Double free

Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filenamedisk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....

CVSS 4 · AI score 6.5 · EPSS 0.00807
Exploits 1 · References 1 · Affected Software 1
Positive Technologies · added 2022/08/09 12:00 a.m. · 3 views

PT-2022-4391 · Adobe · Framemaker

Name of the Vulnerable Software and Affected Versions: Adobe FrameMaker versions 2019 Update 8 and earlier Adobe FrameMaker versions 2020 Update 4 and earlier Description: The issue is related to an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past th...

CVSS 7.8 · AI score 5.5 · EPSS 0.00392
Exploits 0 · References 6
Positive Technologies · added 2022/08/05 12:00 a.m. · 3 views

PT-2022-16409 · Tcl · Tcl Linkhub Mesh Wi-Fi

Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow issue exists in the GetValue functionality. This can be triggered by a specially-crafted configuration value, leading to a buffer overflow. An attacker can modify a...

CVSS 9.8 · AI score 9.4 · EPSS 0.01088
Exploits 1 · References 3
Vulnrichment · added 2022/08/04 8:30 p.m. · 5 views

CVE-2022-35926 Out-of-bounds read in IPv6 neighbor solicitation in Contiki-NG

Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module...

CVSS 5.9 · AI score 7.4 · EPSS 0.00948
Exploits 0 · References 4
Virtuozzo · added 2022/07/27 12:00 a.m. · 23 views

[Important] [Security] Virtuozzo ReadyKernel patch 144.1 for Virtuozzo Hybrid Server 7.0, 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.x. NOTE: No more updates are planned for the kernels 3.10.0-1127.8.2.vz7.158.8 and 3.10.0-1127.18.2.vz7.163.46. Vulnerability id: VSTOR-55377...

AI score 1.4
Exploits 0 · References 5
Openbugbounty · added 2022/07/23 6:47 a.m. · 15 views

ibuilder4.it Cross Site Scripting vulnerability OBB-2809634

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Prion · added 2022/07/22 4:15 a.m. · 16 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

CVSS 5 · AI score 7.4 · EPSS 0.00399
Exploits 0 · References 2 · Affected Software 1
Openbugbounty · added 2022/07/21 5:34 p.m. · 19 views

ziraattimes.com Cross Site Scripting vulnerability OBB-2806272

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Vulnrichment · added 2022/07/20 11:00 p.m. · 6 views

CVE-2022-31151 Uncleared cookies on cross-host/cross-origin redirect in undici

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

CVSS 3.7 · AI score 6.5 · EPSS 0.00564
Exploits 1 · References 4
Trellix · added 2022/07/19 12:00 a.m. · 73 views

Countering Follina Attack (CVE-2022-30190) with Trellix Network Security Platform's Advanced Detection Features

Countering Follina Attack CVE-2022-30190 with Trellix Network Security Platform's Advanced Detection Features By Vinay Kumar and Chintan Shah · July 19, 2022 Executive summary During the end of May 2022, an independent security researcher reported a vulnerability assigned CVE-2022-30190 in Microsof...

AI score 9.1 · EPSS 0.99374
Exploits 90
OSV · added 2022/07/18 7:04 a.m. · 9 views

SUSE-SU-2022:2425-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...

CVSS 8.1 · AI score 7.2 · EPSS 0.76906
Exploits 3 · References 9