252 matches found

Redos
added 2024/10/15 12:0 a.m. · 12 views

ROS-20241015-16

A vulnerability in the Networking component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect authorization. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity ...

CVSS 3.7 · AI score 7.1 · EPSS 0.01361
Exploits 0
BDU FSTEC
added 2024/07/23 12:0 a.m. · 4 views

The vulnerability of the SCADA system MasterSCADA 4D, related to errors in processing input data, allows an intruder to trigger a service failure.

The vulnerability of the SCADA system MasterSCADA 4D is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

CVSS 5.3 · AI score 5.5
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-4685 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to errors in processing input data length parameters in the implementation of the Secure Boot protocol in Windows operating systems. This can allow a remote attacker to...

CVSS 8.3 · AI score 6.6 · EPSS 0.01273
Exploits 0 · References 8
OSV
added 2024/06/28 6:15 p.m. · 2 views

CVE-2024-31919

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259...

CVSS 7.5 · AI score 5.8 · EPSS 0.00492
Exploits 0 · References 2
Vulnrichment
added 2024/06/20 10:18 p.m. · 15 views

CVE-2024-38361 Permissions processing error in spicedb

SpiceDB is an open source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NO_PERMISSION when permission is expected. If the resource exists under multiple...

CVSS 3.7 · AI score 7 · EPSS 0.00396
Exploits 1 · References 2
BDU FSTEC
added 2024/04/22 12:0 a.m. · 3 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to execute arbitrary code.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 7.8 · AI score 7.5 · EPSS 0.00278
Exploits 0 · References 4 · Affected Software 2
Redos
added 2024/03/13 12:0 a.m. · 7 views

ROS-2-1769

2.1769 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

CVSS 8.8 · AI score 9.3 · EPSS 0.03582
Exploits 1
Redos
added 2024/03/13 12:0 a.m. · 3 views

ROS-2-2088

2.2088 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

CVSS 8.8 · AI score 8.6 · EPSS 0.01428
Exploits 1
Redos
added 2024/03/13 12:0 a.m. · 9 views

ROS-2-1904

2.1904 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

CVSS 8.8 · AI score 9.3 · EPSS 0.01428
Exploits 1
BDU FSTEC
added 2024/03/07 12:0 a.m. · 2 views

The vulnerability of the Mozilla Firefox browser is related to errors in processing SameSite cookies, which allows an attacker to compromise the integrity of the protected information.

The vulnerability of the Mozilla Firefox browser is related to errors in processing SameSite cookies when opening a website using the “firefox://” protocol handler. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information...

CVSS 5 · AI score 7.7 · EPSS 0.00478
Exploits 0 · References 8 · Affected Software 3
Positive Technologies
added 2024/02/10 12:0 a.m. · 2 views

PT-2024-3009 · Uamqp +2 · Uamqp +2

Name of the Vulnerable Software and Affected Versions: uAMQP (affected versions not specified). Description: The uAMQP library, used for AMQP 1.0 communication to Azure Cloud Services, contains an error related to the incorrect processing of an AMQP VALUE failed state, which may cause a double free...

CVSS 9.8 · AI score 8.4 · EPSS 0.0143
Exploits 0 · References 29
BDU FSTEC
added 2024/01/05 12:0 a.m. · 3 views

The vulnerability of the MMS interpreter in the WagoAppRTU library of the Wago Telecontrol configuration tool allows a perpetrator to cause a service failure.

The vulnerability of the MMS interpreter in the WagoAppRTU library of the Wago Telecontrol configuration tool is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by sending specially crafted MMS...

CVSS 7.8 · AI score 7.2 · EPSS 0.01036
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2023/11/04 12:0 a.m. · 4 views

The vulnerability of ScrutisWeb banknote monitoring software lies in a processing error related to user-controlled authentication keys, which allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of ScrutisWeb banknote monitoring software relates to an error in the processing of authentication keys controlled by users. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 7.8 · AI score 7.4 · EPSS 0.0064
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2023/11/02 12:0 a.m. · 6 views

The vulnerability of the nginx.ingress.kubernetes.io/permanent-redirect controller in the Kubernetes ingress-nginx cluster allows an attacker to execute arbitrary commands.

The vulnerability of the nginx.ingress.kubernetes.io/permanent-redirect controller in the Kubernetes ingress-nginx cluster is related to errors in processing incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 8 · AI score 8.2 · EPSS 0.56568
Exploits 2 · References 6 · Affected Software 1
BDU FSTEC
added 2023/10/14 12:0 a.m. · 4 views

The software’s vulnerability regarding centralized device management by Fortinet FortiManager and the FortiAnalyzer network firewall, related to an error in processing user-controlled authentication keys, allows a perpetrator to access confidential data.

The vulnerability of the software for centralized device management by Fortinet’s FortiManager and FortiAnalyzer lies in a processing error related to authentication keys, which are controlled by users. Exploiting this vulnerability allows an attacker to gain access to confidential data remotely...

CVSS 6.8 · AI score 6.5 · EPSS 0.00872
Exploits 0 · References 2 · Affected Software 2
BDU FSTEC
added 2023/10/10 12:0 a.m. · 2 views

The vulnerability of the Acronis Cyber Protect Home Office backup and recovery software lies in errors during link processing, which allows attackers to exploit their privileges.

The vulnerability of the Acronis Cyber Protect Home Office backup and recovery software is related to errors in handling links. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8 · AI score 6.8 · EPSS 0.00166
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2023/09/21 12:0 a.m. · 3 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit lies in errors in the processing of input data during syntax analysis of code. This allows an attacker to execute arbitrary code.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to errors in processing input data during syntax analysis of the code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 10 · AI score 7.8 · EPSS 0.01356
Exploits 0 · References 13 · Affected Software 6
BDU FSTEC
added 2023/08/31 12:0 a.m. · 3 views

The vulnerability of the setTracerouteCfg function in the microprogramming software of TOTOLINK EX1200L allows an intruder to execute arbitrary commands.

The vulnerability of the setTracerouteCfg function in TOTOLINK EX1200L router microprogramming systems is related to errors in processing input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

CVSS 10 · AI score 7.2 · EPSS 0.04618
Exploits 1 · References 5 · Affected Software 1
BDU FSTEC
added 2023/08/30 12:0 a.m. · 2 views

The vulnerability of the file transfer protocol implementation of the Cisco NX-OS operating system for Cisco Nexus series 3000 and 9000 switches allows a perpetrator to upload or overwrite arbitrary files.

The vulnerability of the file transfer protocol implementation of the Cisco NX-OS operating system for Cisco Nexus series 3000 and 9000 switches is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to upload or re-write any files as desired...

CVSS 5.5 · AI score 5.8 · EPSS 0.00439
Exploits 0 · References 3
OSV
added 2023/08/25 9:15 p.m. · 2 views

AZL-34935 CVE-2023-38710 affecting package libreswan for versions less than 4.7-6

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets...

CVSS 6.5 · AI score 6.6 · EPSS 0.00691
Exploits 0 · References 1