1175 matches found
The vulnerability of the smb2_get_data_area_len function (fs/smb/server/smb2misc.c) in the KSMBD file system of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the smb2_get_data_area_len function in the KSMBD file system of the Linux operating system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of t...
The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) allow attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerabilities of the Content Access SDK, Image Export SDK, PDF Export SDK, and HTML Export SDK components of Oracle Outside In Technology’s software development kit (SDK) exist due to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers to compromise the...
The vulnerability of the receive_encrypted_standard() function in the fs/smb/client/smb2ops.c module of the SMB protocol client implementation in Linux operating systems allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the receive_encrypted_standard function in the fs/smb/client/smb2ops.c module, which is part of the SMB protocol client implementation in Linux operating systems, relates to access to memory beyond the allocated buffer due to a numerical overflow. Exploiting this vulnerability...
The vulnerability of the derivate_spatial_luma_vector_prediction function in the H.265 Libde265 implementation allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the derivate_spatial_luma_vector_prediction function in the H.265 Libde265 codec implementation is related to the possibility of writing beyond buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, a...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after it is freed. This allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
The vulnerability in the implementation of the S/MIME encryption standard for the Thunderbird email client allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the S/MIME encryption standard implementation in the Thunderbird email client is related to errors in verifying the cryptographic signature due to discrepancies in the date and time of its creation. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the System Management Mode (SMM) feature of AMD Ryzen microprogramming systems allows attackers to escalate their privileges and compromise the integrity, availability, and confidentiality of protected information.
The vulnerability of the System Management Mode (SMM) feature of AMD Ryzen microprocessor-based software systems is related to insufficient validation of input data. Exploiting this vulnerability can allow unauthorized actors to gain elevated privileges and impact the integrity, availability, and...
Design/Logic Flaw
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue...
CVE-2023-45084 Media caddy removal and reinsertion without reboot may cause data loss
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue...
CVE-2023-45084
SoftIron HyperCloud CVE-2023-45084 affects density storage nodes running HyperCloud 1.0–pre-2.0.3. A missing synchronization flaw allows removing and reinserting a drive caddy without reboot to cause the system to treat the caddy as new media, wiping all data on the drives. Impact: data availabil...
The vulnerability of the nvme_add_user_metadata() function in the drivers/nvme/host/ioctl.c file of the NVMe driver for the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the nvme_add_user_metadata function in the drivers/nvme/host/ioctl.c file of the NVMe driver of the Linux kernel relates to access beyond the reserved buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of...
The vulnerability of the Mojo library for Google Chrome and Microsoft Edge browsers allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Mojo library for Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Learning Module component of the ILIAS learning management and support system allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Learning Module component of the ILIAS learning management and support system exists due to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity...
The vulnerability in the /adms/classes/Users.php script of the Auto Dealer Management System allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the SourceCodester Auto Dealer Management System’s /adms/classes/Users.php script is related to access control deficiencies. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and availability of the...
The vulnerability of the chkRegVeriRegister() function in TP-LINK’s router software TL-WR886N allows an attacker to affect the integrity, availability, and confidentiality of the protected information.
The vulnerability of the chkRegVeriRegister function in TP-LINK’s TL-WR886N router software is an operation performed outside the bounds of a memory buffer. Exploiting this vulnerability allows an attacker to compromise the integrity, availability, and confidentiality of the...
The vulnerability of the command shell of the Google Chrome browser on Chrome OS allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the command shell of the Google Chrome browser on Chrome OS is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Analytics Web Dashboards component of the Oracle Business Intelligence Enterprise Edition software platform allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Analytics Web Dashboard component of the Oracle Business Intelligence Enterprise Edition software is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibili...
The vulnerability of the GetParentControlInfo() function in Tenda AC10U router software allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the GetParentControlInfo function in Tenda AC10U router software is an operation that goes beyond the bounds of a memory buffer when processing the mac parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the tif_processing_dng_channel_count function in the ImageGear image processing library allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the tif_processing_dng_channel_count function in the ImageGear image processing library relates to data being written outside of the buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the...
CVE-2023-1832 Improper authorization check in the server component
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant...