6334 matches found
CVE-2021-33465
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expandmmacro in modules/preprocs/nasm/nasm-pp.c...
CVE-2021-33467
An issue was discovered in yasm version 1.3.0. There is a use-after-free in ppgetline in modules/preprocs/nasm/nasm-pp.c...
CVE-2021-33468
An issue was discovered in yasm version 1.3.0. There is a use-after-free in error in modules/preprocs/nasm/nasm-pp.c...
CVE-2021-33460
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in ifcondition in modules/preprocs/nasm/nasm-pp.c...
CVE-2021-33459
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasmparserdirective in modules/parsers/nasm/nasm-parse.c...
CVE-2021-33455
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in dodirective in modules/preprocs/nasm/nasm-pp.c...
CVE-2022-34374
Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to the execution of arbitrary OS commands on the affected system...
CVE-2022-34375
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory...
DRUPAL-CORE-2022-013
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
[SECURITY] Fedora 35 Update: golang-x-mod-0.6.0~dev-3.20220330git9b9b3d8.fc35
This package holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves...
CVE-2022-34764
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prio...
Tofu - Windows Offline Filesystem Hacking Tool For Linux
A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do hashdumps, OSK-Backdoors, user enumeration and more. How it works: When a Windows machine is shut down, unless it has Bitlocker or another encryption service enabled, its storage device contains everythin...
SQL injection
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SS...
CVE-2022-28623
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SS...
The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules allows a hacker to gain access to the device by intercepting the authentication token.
The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules is related to an incorrect expiration time of the session. Exploiting this vulnerability can allow attackers to gain access to the device by intercepting the authentication...
SUSE-SU-2022:2331-1 Security update for rsyslog
This update for rsyslog fixes the following issues: - CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)...
br.com.ideotech:draw-out-spring-boot-aop (>=1.5.19-1.RELEASE <=1.5.19.RELEASE), br.com.ideotech:draw-out-spring-boot-lib (>=1.5.19-1.RELEASE <=1.5.19.RELEASE) +1769 more potentially affected by CVE-2022-33980 via org.apache.commons:commons-configuration2 (>=2.4 <=2.7)
org.apache.commons:commons-configuration2 MAVEN version =2.4, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.0, =1.9.17-0, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0, =1.0.1-2024, =3.5.0-jdk17-1.0.0, =3.5.0-jdk17-2.0.0 and more Source cves: CVE-2022-33980 Source advisory:...
Oracle Linux 7 : containerd (ELSA-2021-15790)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-15790 advisory. - Address CVE-2021-32760 docker-cli - updated containerd minimum version to 1.4.8 to address CVE-2021-32760. docker-engine Tenable has extracted the preceding...