PT-2022-24995 · Nagvis +1 · Nagvis +1

Name of the Vulnerable Software and Affected Versions: NagVis versions up to 1.9.33 Description: A vulnerability was found in the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The...

Top 5 API Security Myths That Are Crushing Your Business

There are several myths and misconceptions about API security. These myths about securing APIs are crushing your business. Why so? Because these myths are widening your security gaps. This is making it easier for attackers to abuse APIs. And API attacks are costly. Of course, you will have to bea...

Siemens SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Hardcoded credentials

BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information ePHI, protected health information PHI and personally identifiable...

AlmaLinux 9 : python3.9 (ALSA-2022:7323)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7323 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int...

Shopify: Reflected XSS In Marketing Reports Page On *.myshopify.com/admin

The returnpagepathname parameter on the marketing reports page of a Shopify store was vulnerable to reflected cross-site scripting XSS when using the javascript: protocol. The vulnerability was assessed as having high attack complexity, as specific conditions were required for the XSS to execute...

CVE-2022-3629

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsockconnect of the file net/vmwvsock/afvsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It ...

CVE-2022-3629

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsockconnect of the file net/vmwvsock/afvsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It ...

Memory corruption

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsockconnect of the file net/vmwvsock/afvsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It ...

CVE-2022-3629 Linux Kernel af_vsock.c vsock_connect memory leak

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsockconnect of the file net/vmwvsock/afvsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It ...

CVE-2022-3647 Redis Crash Report debug.c sigsegvHandler denial of service

DISPUTED A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitabili...

The vulnerability of the operating system for Dell Wyse ThinOS, related to the use of a regular expression with inefficient computational complexity, allows a hacker to trigger a service failure.

The vulnerability of the operating system for Dell Wyse ThinOS is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

"Cannot complete your request" when using SAML: FailedPasswordComplexity

CitrixAGBasic SSO failed when using SAML: FailedPasswordComplexity...

GHSA-69CH-W2M2-3VJP golang.org/x/text/language Denial of service via crafted Accept-Language header

The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten t...

golang.org/x/text/language Denial of service via crafted Accept-Language header

The BCP 47 tag parser has quadratic time complexity due to inherent aspects of its design. Since the parser is, by design, exposed to untrusted user input, this can be leveraged to force a program to consume significant time parsing Accept-Language headers. The parser cannot be easily rewritten t...

Debian dla-3139 : knot-resolver - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3139 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3139-1 [email protected] https://www.debian.org/lts/security/...

v8n vulnerable to Inefficient Regular Expression Complexity

Impact Inefficient regular expression complexity of lowercase and uppercase regex could lead to a denial of service attack. With a formed payload 'a' + 'a'.repeati + 'A', only 32 characters payload could take 29443 ms time execution when testing lowercase. The same issue happens with uppercase...

SUSE: Security Advisory (SUSE-SU-2022:3543-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OMRON CX-Programmer

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Omron Equipment : CX-Programmer Vulnerabilities : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or may allow arbitrary code execution. 3. TECHNICAL DETAILS...

GHSA-8WXF-C45W-G66G rdiffweb vulnerable to password complexity bypass leading to weak passwords

ikus060/rdiffweb prior to 2.4.9 allows a user to set there password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password complexity requirements with weak passwords...