Amazon Linux 2022 : bpftool, kernel, kernel-devel (ALAS2022-2022-125)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory. A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. CVE-2022-2990...

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient validation of input data. This allows attackers to introduce arbitrary data.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary data into the Incidents Timeline field...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9710)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9710 advisory. - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - arm64: proton-pack: provide...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9709)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9709 advisory. - netsched: clsroute: remove from list when handle is 0 Thadeu Lima de Souza Cascardo Orabug: 34480880 CVE-2022-2588 - arm64: proton-pack: provide...

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

CVE-2022-29901 Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

CVE-2022-29901

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under...

Security Bulletin: IBM Engineering Test Management is vulnerable to arbitrary data access due to XStream ( CVE-2020-26258, CVE-2020-26259 )

Summary IBM Engineering Test Management is vulnerable to remote attacker having access to snesitive data or to arbitrary files from system due to XStream. Vulnerability Details CVEID: CVE-2020-26258 DESCRIPTION: XStream is vulnerable to server-side request forgery, caused by a flaw when...

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

CVE-2022-32268

StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...

CVE-2020-4926

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...

Code injection

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600...

CVE-2021-27482

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data...

CVE-2021-27482

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data...

Code injection

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data...

CVE-2021-27482

CVE-2021-27482 affects the OpENer EtherNet/IP stack (EIPStackGroup OpENer). It is an out-of-bounds read vulnerability triggered by specially crafted ENIP/CIP packets, potentially allowing an attacker to read arbitrary data from memory. Affected versions are OpENer releases prior to 2021-02-10, wi...

CVE-2022-1376

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability exists in DIAEprivgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

CVE-2022-26836

Delta Electronics DIAEnergie All versions prior to 1.8.02.004 has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

Xxe

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity XXE vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input...