PT-2022-27808 · Huawei · HarmonyOS
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A thread security vulnerability exists in the authentication process. Successful exploitation of this issue may affect data integrity, confidentiality,...
CVE-2022-21613
Vulnerability in the Oracle Enterprise Data Quality product of Oracle Fusion Middleware component: Dashboard. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
The vulnerability of the do_cmdline() function in the Vim text editor allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the do_cmdline function in the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the qf_buf_add_line() function in the Vim text editor allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the qf_buf_add_line function in the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the btrfs_queue_work function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the btrfs_queue_work function in fs/btrfs/async-thread.c in the Linux kernel relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
The vulnerability of the Updates Environment Mgmt component of the Oracle PeopleSoft Enterprise PeopleTools business application allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Updates Environment Mgmt component in the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of...
The vulnerability of the iLO Amplifier Pack software’s automatic recovery function, related to reading data beyond the buffer in memory, allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the iLO Amplifier Pack software for automatic restoration of factory settings involves reading data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type confusion errors. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the httpd module of the firmware used in Tenda AC18 routers allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the httpd module of the firmware for the Tenda AC18 router is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information by using...
SQL injection
SQL Injection vulnerability in AST Agent Time Sheet interface /vicidial/ASTagenttimesheet.php of VICIdial via the agent parameter allows an attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailabl...
The vulnerability of the Item_args::walk_args function in the MariaDB database management system allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Item_args::walk_args function in the MariaDB database management system is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and availability of...
The vulnerability of the streamGetEdgeID function in the Redis database management system allows an attacker to compromise the confidentiality, integrity, and availability of data.
The vulnerability of the streamGetEdgeID function in the Redis database management system is related to insufficient validation of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and availability of data...
GHSA-6X52-88CQ-55Q5 Grin allows attackers to adversely affect availability of data on a Mimblewimble blockchain
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain...
The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller is related to deficiencies in the authentication mechanism. This allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the...
CVE-2022-22260
The kernel module has a UAF vulnerability. Successful exploitation of this vulnerability will affect data integrity and availability...
Spoofing
The kernel module has a UAF vulnerability. Successful exploitation of this vulnerability will affect data integrity and availability...
CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in microweber/microweber
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain...
CVE-2022-1631
The CVE-2022-1631 issue affects microweber/microweber before v1.2.15, described across multiple sources as an OAuth misconfiguration that enables account takeover. The root cause is the lack of email confirmation and insufficient validation of emails from social login providers, allowing an attac...
Update: Destructive Malware Targeting Organizations in Ukraine
Summary Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Updated April 28, 2022 This advisor...