319 matches found
The vulnerability of the Squid proxy server, related to errors in processing input data, allows a hacker to cause a service failure.
The vulnerability of the Squid proxy server is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted ESI packets...
Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propagation flaw (CVE-2021-4160)
Summary: IBM Master Data Management v11.6 and v12.0 are vulnerable to a carry propagation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...
The vulnerability of Microsoft Defender for Endpoint on Linux operating systems, related to errors in processing the relative path to the directory, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Defender for Endpoint on Linux operating systems is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
The vulnerability of Microsoft Windows operating system consoles allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Windows operating system consoles relates to errors in processing input data. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user downloads a specially crafted MSC file...
The vulnerability of the OCC API Endpoint component in the SAP Commerce Cloud platform allows a perpetrator to gain unauthorized access to protected information or compromise data integrity.
The vulnerability of the OCC API Endpoint component in the SAP Commerce Cloud platform is related to errors in information processing. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information or compromise the integrity of data...
The vulnerability of the Rockwell Automation ThinManager platform for centralized application management, related to errors in processing hypertext links, allows a hacker to execute arbitrary code.
The vulnerability of the Rockwell Automation ThinManager application platform for centralized application management is related to errors in processing hypertext links. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted POST reques...
The vulnerability of the LZ4 data compression algorithm, which involves errors in number processing, allows a hacker to cause a service failure.
The vulnerability of the lossless LZ4 data compression algorithm is related to errors in number processing. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
ROS-20240723-05
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges. A vulnerability in the...
The vulnerability of the application for updating Google Updater allows a perpetrator to elevate their privileges.
The vulnerability of the application for updating Google Updater is related to data processing errors. Exploiting this vulnerability can allow an attacker to elevate their privileges through a specially crafted file...
ROS-20240603-01
A vulnerability in the PSP file parser of the GIMP graphics editor is related to number processing errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20240521-10
A vulnerability in the JSSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...
ROS-20240521-09
A vulnerability in the JSSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...
ROS-20240521-11
A vulnerability in the JSSE component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver allows a hacker to trigger a service failure or replace the display on the screen.
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to remotely cause service failures or replace the display on the screen...
PT-2024-5137 · Node.js +1
Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: The issue is related to the Permission Model in Node.js, which incorrectly assumes that any path starting with two backslashes has a four-character prefix that can be ignored. This subtle b...
The vulnerability of the RouterOS operating system in MikroTik routers, related to errors in processing input data, allows a hacker to cause a service failure.
The vulnerability of the RouterOS operating system for MikroTik lies in errors in processing input data. Exploiting this vulnerability allows a malicious actor to cause service failure by sending a specially crafted network packet...
The vulnerability in the implementation of the NFS network file system server for FreeBSD and OpenBSD allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the NFS network file system server implementation for FreeBSD and OpenBSD is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...
ROS-2-1598
2.1598 Vulnerability in Mozilla Thunderbird email client (CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969). 1. Vulnerability Description: CVE-2021-29970: Vulnerability in Mozilla Thunderbird email client, related to an HTML content processing error. Exploitation of the vulnerability coul...
The vulnerability of Zoom's video conferencing software, related to errors in processing input data, allows attackers to elevate their privileges.
The vulnerability of Zoom video conferencing software is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to gain elevated privileges...
PT-2024-1715 · Microsoft · Message Queuing +1
Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing (MSMQ) (affected versions not specified). Description: The issue is related to errors in processing input data in the Windows operating system's message queuing component. This can allow an attacker to execute arbitrary...