The vulnerability of the SHA-3 cryptographic hash function in the XKCP software package allows a hacker to execute arbitrary code.
The vulnerability of the SHA-3 cryptographic hash function in the eXtended Keccak Code Package (XKCP) software package is related to errors in block processing of input data and type conversion. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code during the computati...
PT-2022-24864 · Unknown +1 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Istio versions prior to 1.15.2; Istio versions prior to 1.14.5; Istio versions prior to 1.13.9. Description: Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. The...
The vulnerability of the authentication system for web applications, LemonLDAP::NG, related to an error in processing authentication keys, allows a perpetrator to gain unauthorized access to sensitive information.
The vulnerability of the authentication system for web applications in LemonLDAP::NG is related to security mechanism errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to information...
The vulnerability of the Microsoft Exchange Server, related to errors in processing input data in the OWA interface, allows a perpetrator to perform an SSRF attack.
The vulnerability of Microsoft Exchange Server is related to errors in processing input data in the OWA interface. Exploiting this vulnerability can allow a malicious actor to execute an SSRF attack remotely...
The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Internet Key Exchange (IKE) protocol implementation in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted IKEv1 packets...
The vulnerability in the isolated iframe of the Thunderbird email client allows a hacker to circumvent existing security restrictions.
The vulnerability of the isolated iframe environment in the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending specially crafted emails...
The vulnerability of the Thunderbird email client, related to errors in processing input data, allows a hacker to circumvent existing security restrictions.
The vulnerability of the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending a specially crafted email with the iframe srcdoc attribute...
CVE-2022-2759
Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to emb...
The vulnerability of the Red Database database management system lies in the concealment of information that is crucial for security purposes. This allows attackers to hide the origin or nature of their attacks.
The vulnerability of the Red Database management system is related to an error in the processing of binary audit logs in the database adapter. Exploiting this vulnerability allows a malicious actor to conceal the origin or nature of an attack by creating entries for audit logs in such a way that...
The vulnerability of the FortiESNAC service, a security solution from Fortinet’s FortiClient for Windows, allows attackers to escalate their privileges.
The vulnerability of the FortiESNAC service in the Fortinet FortiClient for Windows security solution is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Thunderbird email client and the Firefox ESR browser lies in an error during the processing of CSS style sheets accessible through internal URIs, such as “resource:”. This allows attackers to circumvent the implemented content security policies.
The vulnerability of the Thunderbird email client and the Firefox ESR browser is related to an error in processing CSS style sheets that are accessed through internal URIs, such as “resource:”. Exploiting this vulnerability can allow a malicious actor to bypass implemented content security policies...
The vulnerability of the HTTP interface implementation for Zyxel network interfaces allows attackers to execute arbitrary commands.
The vulnerability of the HTTP interface implementation for Zyxel network interfaces relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by introducing a specially crafted file...
Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...
The vulnerability of the `SdnToJulian` function in the PHP programming language allows a hacker to trigger a service failure.
The vulnerability of the SdnToJulian function in the PHP programming language is related to errors in number processing. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the phar_parse_zipfile function in the PHP programming language allows a hacker to trigger a service failure.
The vulnerability of the phar_parse_zipfile function (ext/phar/zip.c) in the PHP programming language is related to errors in number processing. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the soapclient::__call method in the PHP language interpreter allows a hacker to execute arbitrary code.
The vulnerability of the soapclient::__call method in the PHP language interpreter is related to an error in data processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2022-2896 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: The issue is related to errors in information processing within the Windows Hyper-V system, which can be exploited by a remote attacker to gain unauthorized access to protected...
PT-2022-2663 · Microsoft · Windows Kernel +1
Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: The issue is related to errors in information processing. It may allow a remote attacker to gain unauthorized access to protected information. Recommendations: At the moment, there i...
The vulnerability of the Intra-mode BTI implementation of Intel microprogramming software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Intel microprogrammable processor’s Intra-mode BTI (IMBTI) implementation is related to errors in parameter processing. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
CVE-2022-24726
The CVE-2022-24726 entry affects Istio’s control plane (istiod) where a request processing error in the validating webhook, exposed publicly on TLS port 15017, can crash the control plane when a specially crafted message is processed. Affected versions have been patched in Istio releases 1.13.2, ...