1367 matches found
CVE-2022-42386
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
VMware vRealize Log Insight Information Disclosure Vulnerability
VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware vRealize Log Insight. An unauthenticated attacker could remotely collect sensitive session and...
CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...
PT-2023-1367 · Vmware · Vmware Vrealize Log Insight
Name of the Vulnerable Software and Affected Versions: VMware vRealize Log Insight affected versions not specified Description: The issue is related to an information disclosure vulnerability. A malicious actor can remotely collect sensitive session and application information without...
The vulnerability of the SAP Customer Data Cloud data management software lies in the use of an insecure random number generator, which allows an attacker to disclose sensitive information.
The vulnerability of the SAP Customer Data Cloud data management software is related to the use of an insecure random number generator. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose sensitive information...
PT-2023-1198 · Oracle · Oracle Sales For Handhelds
Name of the Vulnerable Software and Affected Versions: Oracle Sales for Handhelds versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the Pocket Outlook Sync PocketPC component of Oracle Sales for Handhelds, part of the Oracle E-Business Suite...
PT-2022-7675 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a buffer overflow in the FASTFAT component of the Windows operating system. This could allow an attacker to read data from remote files on the operating system by...
The vulnerability of the HMAC component of the Nimbus JOSE + JWT Java library, which allows attackers to disclose protected information
The vulnerability of the HMAC component of the Nimbus JOSE + JWT Java library is related to the lack of integrity checks. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...
The vulnerability of the software for interacting with servers via CURL, related to writing beyond the buffer boundary, allows an attacker to access confidential data.
The vulnerability of the software for interacting with servers via CURL is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
PT-2022-22960 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-2 Description: A security issue is found in the session processing functionality of Out-of-Band (OOB) Management, related to an out-of-bounds read. This allows remote attackers to...
OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...
UBUNTU-CVE-2022-21619
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to...
The vulnerability of the ruby-mysql library, related to errors in processing hypertext links, allows attackers to gain access to confidential data.
The vulnerability of the ruby-mysql library is related to errors in processing hypertext links. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data...
PT-2022-26411 · Pdf Xchange · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open...
The vulnerabilities of the `fillin_rpath` and `decompose_rpath` functions in the GNU C Library allow attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the `fillin_rpath` and `decompose_rpath` functions in the GNU C Library’s system library is related to an unreliable search path. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Libjpeg-turbo image processing library, related to writing beyond the buffer boundaries, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Libjpeg-turbo library for image processing is related to improper compression/decompression of gigapixel images. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service interruptions...