PT-2022-18952 · Bentley · Microstation Connect
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.034. Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open ...
The vulnerability of the `icmp6_send_response_with_addrs_and_netif()` function in the implementation of the TCP/IP protocol lwIP allows an attacker to gain access to confidential data.
The vulnerability of the `icmp6_send_response_with_addrs_and_netif()` function in the TCP/IP protocol implementation of the lwIP stack is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through a...
The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from insufficient neutralization of certain elements in the query, allowing an attacker to compromise data integrity.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the insufficient neutralization of certain elements in the request. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
The vulnerability of TLS and SSL Mbed TLS implementations lies in errors in the certificate validation process, which allows attackers to compromise the integrity of data.
The vulnerability of TLS and SSL Mbed TLS implementations is related to the incorrect use of the revocationDate check. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
The vulnerability of TLS and SSL Mbed TLS implementations lies in errors in the certificate validation process, which allows attackers to compromise the integrity of data.
The vulnerability of TLS and SSL Mbed TLS implementations is related to the incorrect comparison of NULL with an empty array. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
IBM System Storage DS8000 Hardware Management Console security vulnerability
The IBM System Storage DS8000 Hardware Management Console (IBM System Storage DS8000 HMC) is a hardware management console for the IBM Storage Media Platform DS8000 from IBM in the United States. A security vulnerability exists in IBM System Storage DS8000 Management Console HMC R8.5 88.5x.x.x, R9....
The vulnerability of TLS and SSL Mbed TLS implementations lies in the exposure of information due to incompatibilities, allowing attackers to gain access to confidential data.
The vulnerability of TLS and SSL Mbed TLS implementations lies in the dependence of the instruction’s execution time on the data of that instruction. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
The vulnerability of the gf_odf_del_ipmp_tool function in the odf_code.c component of the multimedia platform GPAC allows a perpetrator to access confidential data and also cause service interruptions.
The vulnerability of the gf_odf_del_ipmp_tool function in the odf_code.c component of the multimedia platform GPAC involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and also cause service failures...
The vulnerability of the Node.js software platform’s DNS library, related to insufficient input validation, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Node.js software platform’s DNS library is related to the improper handling of atypical symbols in domain names. Exploiting this vulnerability allows an attacker who operates remotely to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Clipboard editing plugin for the CKEditor WYSIWYG editor allows a hacker to compromise data integrity.
The vulnerability of the Clipboard editing plugin of the CKEditor editor is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from the lack of protective measures for website structures, allowing attackers to compromise data integrity.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the absence of markdown filtering. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
The vulnerability of the decoder in the SIX functional decoding system for MPEG-4 multimedia platform GPAC allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SSIX decoder for MPEG-4 multimedia platform GPAC is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Fraction function in the libheif/box.cc component of the HEIF and AVIF encoding/decoding library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Fraction function in the libheif/box.cc component of the HEIF and AVIF encoding/decoding library allows attackers to exploit it remotely. This enables them to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Singularity container platform, related to insufficient entropy, allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Singularity container platform is related to insufficient entropy. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Gradle plugin and script for the automatic build system Gradle allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Gradle plugin and script in the automatic build system Gradle is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the IsNextToken function in the src/base/PdfToenizer.cpp component of the PDF processing software PoDoFo allows a malicious actor to access confidential data.
The vulnerability of the IsNextToken function in the src/base/PdfToenizer.cpp component of the PDF processing software library is related to the disclosure of information in the error-prone data area. Exploiting this vulnerability allows an attacker to gain access to confidential data remotely...
The vulnerability of the Adobe After Effects video and dynamic image editing software lies in reading data beyond the memory boundaries. This allows attackers to gain unauthorized access to protected information and also cause system failures.
The vulnerability of Adobe After Effects video and dynamic image editing software relates to reading beyond the memory boundaries. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information, as well as cause service failures...
PT-2022-6592 · Pcre2 +8 · Pcre2 +8
Name of the Vulnerable Software and Affected Versions: PCRE2 (affected versions not specified). Description: The issue is related to an out-of-bounds read vulnerability in the PCRE2 library, specifically in the get_recurse_data_length function of the pcre2_jit_compile.c file. This vulnerability...
PT-2022-7557 · Apple +8 · Itunes +14
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 15.4; iTunes versions prior to 12.12.3 for Windows; macOS versions prior to Monterey 12.3; watchOS versions prior to 8.5; iOS versions prior to 15.4; iPadOS versions prior to 15.4; tvOS versions prior to 15.4; WebKitGTK and...
CVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic). This was exploited in the wild in February...