1115 matches found
GSD-2022-1003134 fsnotify: fix wrong lockdep annotations
fsnotify: fix wrong lockdep annotations This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...
go-toolset:rhel8 security and bug fix update
An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming language tools and...
MantisBT < 2.25.5 Multiple Vulnerabilities - Windows
MantisBT is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
MantisBT < 2.25.5 Multiple Vulnerabilities - Linux
MantisBT is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Yieldy._storeRebase() saves and emits wrong values.
Lines of code Vulnerability details Impact Yieldy.storeRebase saves and emits wrong values. I don't think the asset will be lost directly because of this but the rebase storage will have wrong values and it might affect the system later. Proof of Concept The previousCirculating must be a previous...
_storeRebase() is called with the wrong parameters
Lines of code Vulnerability details storeRebase's signature is as such: Yieldy.solstoreRebase File: Yieldy.sol 104: / 105: @notice emits event with data about rebase 106: @param previousCirculating uint 107: @param profit uint 108: @param epoch uint 109: / 110: function storeRebase 111: uint256...
Funds may be stuck when redeeming for Illuminate
Lines of code Vulnerability details Impact Funds may be stuck when redeeming for Illuminate. Proof of Concept Assuming the goal of calling redeem for Illuminate here is to redeem the Illuminate principal held by the lender or the redeemer, then there is an issue because the wrong balance is...
CVE-2022-32530
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile...
CVE-2022-32530
CVE-2022-32530 affects Schneider Electric’s Geo SCADA Mobile (Build 222 and prior). The vulnerability is described as CWE-668: Exposure of Resource to Wrong Sphere, which could mislead users by hiding alarms or presenting incorrect server connection options or control requests when a mobile devic...
CVE-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Default credentials
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Denial Of Service (DoS)
eap7 is vulnerable to denial of service. The vulnerability exists due to a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal...
CVE-2022-20134
In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/` would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more.
...
GHSA-RWF4-GX62-RQFW `MsQueue` `push`/`pop` use the wrong orderings
Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild:...
RUSTSEC-2022-0029 `MsQueue` `push`/`pop` use the wrong orderings
Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild:...
DEBIAN-CVE-2022-27778
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when --no-clobber is used together with --remove-on-error...
Improper Certificate Validation
Overview com.squareup.okhttp3:okhttp is a HTTP & HTTP/2 client for Android and Java applications Affected versions of this package are vulnerable to Improper Certificate Validation via the verifyHostName function in OkHostnameVerifier.java. An attacker can gain unauthorized access to sensitive...