1367 matches found
CVE-2022-22310
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224...
Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Data Deletion Description: The...
The vulnerability of the Midnight Commander file manager, related to deficiencies in authentication procedures, allows attackers to compromise data integrity.
The vulnerability of the Midnight Commander file manager is related to the lack of checks and display of server timestamps. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
CVE-2021-34910
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2022-22289
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get sensitive information...
CVE-2021-4068
Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
PT-2021-7517 · Vim +7 · Vim +7
Name of the Vulnerable Software and Affected Versions: vim affected versions not specified Description: The issue is related to an out-of-bounds read in the vim text editor. This allows a remote attacker to access confidential data and cause a denial of service. Recommendations: At the moment,...
The vulnerability of the SAE implementation of the wpa_supplicant function for wireless communication devices with WPA certification lies in the fact that it exposes information, allowing attackers to gain access to confidential data.
The vulnerability of the SAE implementation of the wpa_supplicant function for wireless communication devices with WPA certification is related to errors in timing and access patterns to the cache. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
PT-2021-6434 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.36 and prior MySQL Server versions 8.0.27 and prior Description: The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: Security: Privileges component. This...
VulnCheck KEV: CVE-2020-8599
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login...
The vulnerability of the Tar.php file in the Archive_Tar package of the PHP PEAR library arises from an improper restriction on the path name of the directory. This allows an attacker to compromise data integrity.
The vulnerability of the Tar.php file in the Archive_Tar package from the PHP PEAR library is related to improper handling of symbolic links. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...
The vulnerability of the RabbitMQ messaging broker, related to the lack of protective measures for the website structure, allows attackers to compromise data integrity.
The vulnerability of the RabbitMQ messaging broker is related to improper validation of user input. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
The vulnerability of software for implementing VNC and TigerVNC lies in authentication process errors, which allow attackers to gain access to confidential data and compromise its integrity.
The vulnerability of the TigerVNC software for implementing VNC is related to improper handling of TLS certificate exceptions. Exploiting this vulnerability can allow a remote attacker to access confidential data and compromise its integrity...
The vulnerability of the gaussianblur component in the FFmpeg library, which is related to writing beyond buffer boundaries, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the gaussianblur component in the FFmpeg library is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and even cause service failures...
The vulnerability in the `hw/net/tulip.c` component of the QEMU hardware emulation software involves writing beyond the buffer boundaries. This allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the hw/net/tulip.c component of the QEMU hardware emulation software involves writing beyond the buffer boundaries during copy operations for TX/RX data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, a...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 browser, which involves reading data beyond the allowed buffer limit, allows attackers to access confidential data and cause service interruptions.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 browser relates to reading data beyond the allowed buffer size. Exploiting this vulnerability can allow a remote attacker to access confidential data and also cause service interruptions through a specially created HTML page...
PT-2021-4740 · Apple · Webkit +1
Name of the Vulnerable Software and Affected Versions: Mac OS affected versions not specified Description: The issue is related to a module for displaying web pages in WebKit, which is part of the Mac OS operating system family. It involves the possibility of concurrent execution using a shared...
The vulnerability of the Flask software’s extension relates to insecure privilege management. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the Flask extension relates to an error in the use of Pickle for serialization. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service failures...
Confluent Ansible Security Vulnerability
Confluent Ansible is a product from the US-based Confluent, Inc. It provides an easy way to deploy, manage and configure Confluent Platform services. A security vulnerability exists in Confluent Ansible cp-ansible versions 5.5.0, 5.5.1, 5.5.2, and 6.0.0, in which its auxiliary components are...
The vulnerability of the Thunar file manager, related to improper access control, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Thunar file manager is related to the use of another program without user confirmation when the file is used as a command. Exploiting this vulnerability can allow an attacker who operates remotely to gain access to confidential data, compromise its integrity, and cause...