SUSE SLES15 Security Update : kernel (Live Patch 30 for SLE 15 SP1) (SUSE-SU-2022:4527-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4527-1 advisory. - A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function...

CVE-2022-20515

In onPreferenceClick of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-42859

Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences...

CVE-2022-42862

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences...

Code injection

Multiple issues were addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, watchOS 9.2. An app may be able to bypass Privacy preferences...

CVE-2022-42862

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to bypass Privacy preferences...

Overpayment of ETH is not refunded to the buyer

Lines of code Vulnerability details Impact Overpayment of ETH is not refunded to the buyer Proof of Concept ' function executeFundsTransfer address seller, address buyer, address paymentToken, Fee calldata fees, uint256 price internal if msg.sender == buyer && paymentToken == address0...

Multi Step upgrades introduce security risk

Lines of code Vulnerability details Impact If Governor upgrades the system using executeDiamondCutProposal function then freezing is removed. This could be a problem where Governor was still not ready to make freezable facet available as shown in POC Proof of Concept 1. Governor discovers a...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE in the ExpressionContextImpl class via jexl.createExpressionexpression.evaluatecontext; functionality, due to improper user input validation. Remediation There is no fixed version for com.bstek.uflo:uflo-core...

Liberapay: Email Address Exposure via Gratipay Migration Tool

Through the /migrate route, an attacker can input the username of any user on the site and retrieve their primary email address without any authorization required. Steps to reproduce: Note: This cannot be performed with hackerone-target, because that account seems to return a None as an email. 1...

Uncontrolled Resource Consumption in Jackson-databind

In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. This was patched in 2.12.7.1,...

CVE-2022-32849

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information...

MetaMask: Possible to spoof Origin in "Connected Sites"

A vulnerability was discovered in MetaMask that allowed for the spoofing of the origin domain name in the "Connected Sites" list. This was caused by a CSS style sheet that set the direction to "right-to-left", which resulted in the order of characters in the domain name being messed up and...

WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting

Exploit Title: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting Date: 18-09-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/search/GetYourGuide+Ticketing/ Version: 1.0.1 Tested on: Firefox Contact me: [email protected]...

Malicious Package

Overview @tanver/vulnerable-code is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVE-2022-33723

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...

CVE-2022-33727

A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack...

CVE-2022-33727

CVE-2022-33727 describes a vulnerability in the SecDevicePickerDialog onCreate prior to Samsung SMR Aug-2022 Release 1, where flawed UI handling enables a tapjacking/overlay attack to trick users into selecting an unwanted Bluetooth device. The issue is documented across multiple sources (NVD, Re...

CVE-2022-2309

NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...

Null pointer dereference

NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code...