359 matches found

BDU FSTEC
added 2024/05/20 12:0 a.m. · 1 view

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to the deserialization of untrusted data, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to the deserialization of untrusted data. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially creat...

CVSS 9 · AI score 6 · EPSS 0.16861
Exploits 0 · References 3
BDU FSTEC
added 2024/05/07 12:0 a.m. · 2 views

The vulnerability of the ModuleInvoke class in the Inductive Automation Ignition SCADA system allows an attacker to execute arbitrary code.

The vulnerability of the ModuleInvoke class in the Inductive Automation Ignition SCADA system is related to the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the SYSTEM context...

CVSS 9 · AI score 8.1 · EPSS 0.48962
Exploits 0 · References 4 · Affected Software 1
RedHat Linux
added 2024/04/30 11:0 a.m. · 1 view

grub2: out-of-bounds read at fs/ntfs.c

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to...

CVSS 7.8 · AI score 6.8 · EPSS 0.0001
Exploits 2 · References 7
NVD
added 2024/04/29 6:15 p.m. · 6 views

CVE-2023-52080

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical...

CVSS 7.7 · AI score 6.7 · EPSS 0.00085
Exploits 0 · References 2
Vulnrichment
added 2024/04/29 12:0 a.m. · 8 views

CVE-2023-52080

IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical...

AI score 7.1 · EPSS 0.00085
Exploits 0 · References 2
Positive Technologies
added 2024/04/23 12:0 a.m. · 8 views

PT-2024-24606 · Tillitis · Tillitis Tkey Signer Device Application

Name of the Vulnerable Software and Affected Versions: Tillitis TKey signer device application versions prior to 1.0.0
Description: A vulnerability has been found in the Tillitis TKey signer device application, an ed25519 signing tool, which makes it possible to disclose portions of the TKey’s da...

CVSS 2.2 · AI score 6.7 · EPSS 0.00023
Exploits 0 · References 6
BDU FSTEC
added 2024/04/23 12:0 a.m. · 1 view

The vulnerability of the Windows Telephony Server allows attackers to escalate their privileges.

The vulnerability of the Windows Telephony Server for Windows operating systems is related to the use of unsafe mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow an attacker to escalate their privileges...

CVSS 7 · AI score 7.7 · EPSS 0.00284
Exploits 0 · References 4
BDU FSTEC
added 2024/04/17 12:0 a.m. · 1 view

The vulnerability of the RMI service of the IBM InfoSphere Information Server software platform allows an attacker to execute arbitrary code.

The vulnerability of the RMI service of the IBM InfoSphere Information Server software platform is related to the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.1 · EPSS 0.04878
Exploits 0 · References 3 · Affected Software 1
RedHat Linux
added 2024/04/10 12:21 p.m. · 69 views

Important: Red Hat Security Advisory: GitOps 1.12.1 - Argo CD CLI and MicroShift GitOps security update

An update is now available for Red Hat OpenShift GitOps v1.12.1 for Argo CD CLI and MicroShift GitOps. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...

CVSS 9.8 · AI score 6.6 · EPSS 0.02176
Exploits 2 · References 7
BDU FSTEC
added 2024/04/02 12:0 a.m. · 1 view

The vulnerability of the built-in RDoc documentation generator for the Ruby programming language is related to the deserialization of untrusted data, allowing an attacker to execute arbitrary code.

The vulnerability of the built-in RDoc documentation generator for the Ruby programming language is related to the deserialization of untrusted data. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted .rdoc_options files...

CVSS 4.5 · AI score 7 · EPSS 0.02433
Exploits 0 · References 9 · Affected Software 5
NVD
added 2024/03/18 6:15 p.m. · 18 views

CVE-2024-21652

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute forc...

CVSS 9.8 · AI score 9.4 · EPSS 0.00077
Exploits 0 · References 1
OSV
added 2024/03/18 5:21 p.m. · 22 views

GHSA-X32M-MVFJ-52XV: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss

Summary: An attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This makes the application susceptible to brute force attacks, compromising the security of...

CVSS 9.8 · AI score 7.3 · EPSS 0.00403
Exploits 2 · References 7
BDU FSTEC
added 2024/03/18 12:0 a.m. · 1 view

The vulnerability of the Apache InLong data integration platform, related to the deserialization of untrusted data, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Apache InLong data integration platform is related to the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information by sending specially crafted data...

CVSS 7.8 · AI score 7.7 · EPSS 0.00234
Exploits 0 · References 6 · Affected Software 1
RedHat Linux
added 2024/03/05 6:20 p.m. · 4 views

Important: Red Hat Enhancement Advisory: redis:7 update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set...

CVSS 8.1 · AI score 6.7 · EPSS 0.07323
Exploits 0
BDU FSTEC
added 2024/03/05 12:0 a.m. · 1 view

The vulnerability of the JDBC URL Handler component of the Apache InLong data integration platform allows an attacker to execute arbitrary code.

The vulnerability of the JDBC URL Handler component of the Apache InLong data integration platform is related to the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 7.6 · EPSS 0.00338
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2024/02/03 12:29 a.m. · 17 views

Nervos CKB Permit load cell data from memory

Impact: The faulty nodes will reject transactions that call the load_cell_data syscall while the input cell is still in the mempool. They also ban other nodes and cause a network split. Patches: 0.35.2, 0.36.1, 0.37.1, 0.38.2...

AI score 7.1
Exploits 0 · References 7 · Affected Software 1
Tenable Nessus
added 2024/01/26 12:0 a.m. · 23 views

RHEL 8 : thunderbird (RHSA-2023:7504)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7504 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fixes: Mozilla:...

CVSS 8.8 · AI score 7.7 · EPSS 0.00428
Exploits 0 · References 16
BDU FSTEC
added 2024/01/25 12:0 a.m. · 1 view

The vulnerability of the Splunk Enterprise platform for operational analysis on Windows operating systems is related to the deserialization of untrusted data, allowing attackers to compromise the integrity, availability, and confidentiality of the protected information.

The vulnerability of the Splunk Enterprise platform for Windows operating systems is related to the deserialization of untrusted data due to an incorrect path being used to access files on the disk partition. Exploiting this vulnerability can allow an attacker to compromise the integrity,...

CVSS 7.5 · AI score 7.6 · EPSS 0.00084
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/01/15 12:0 a.m. · 1 view

Easergy Studio, software for configuring, monitoring, and controlling industrial equipment, has a vulnerability related to the deserialization of untrusted data. This vulnerability allows an attacker to escalate privileges.

The vulnerability of the Easergy Studio software for configuring, monitoring, and controlling industrial equipment is related to the deserialization of untrusted data. Exploiting this vulnerability can allow attackers to escalate privileges...

CVSS 7.8 · AI score 7.2 · EPSS 0.00108
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/01/11 12:0 a.m. · 1 view

The vulnerability of the jackson-databind library from the FasterXML project allows arbitrary code execution due to the deserialization of untrusted data.

The vulnerability of the jackson-databind library from the FasterXML project is related to the deserialization of untrusted data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 8.1 · AI score 7.9 · EPSS 0.00502
Exploits 0 · References 9 · Affected Software 16