11216 matches found
The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions is related to security configuration errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
A vulnerability in the Redfish API interface of the firmware for AMI MegaRAC remote management controllers allows an attacker to execute arbitrary code.
The vulnerability of the API interface of the firmware for AMI MegaRAC controllers is related to errors during code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP request...
A vulnerability in the Advanced Local Procedure Call (ALPC) handler in the Windows operating system allows attackers to escalate their privileges within the system.
The vulnerability of the Advanced Local Procedure Call (ALPC) in the Windows operating system arises from synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to escalate their privileges within the system...
A vulnerability in the command interpreter of the Moxa EDR-810, EDR-G902, EDR-G903, TN-4900, and TN-5916 router firmware allows attackers to execute arbitrary code.
The vulnerability of the command interpreter in the firmware of Moxa EDR-810, EDR-G902, EDR-G903, TN-4900, and TN-5916 service routers stems from errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HTTP/HTT...
Upgraded Q -> M from #373 [1670018401792]
Judge has assessed an item in Issue 373 as M risk. The relevant finding follows: N2. ETH not accumulated in previewAccumulatedETH supposed to have accumulated += ... Although it is an external view function, depending on its usages, it may present more issues to the callers. --- The text was...
A vulnerability in the web interface of Cisco DNA Center allows an attacker to gain unauthorized access to protected information.
The vulnerability of the Cisco DNA Center’s web interface is related to errors in processing requests. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information by sending specially crafted requests...
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key potentially leading to subsequent logic errors. In one case a double-free can be provoked.
...
A vulnerability in the Advanced Local Procedure Call (ALPC) handler in Microsoft Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Advanced Local Procedure Call (ALPC) in Microsoft Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the configuration management and remote execution system SaltStack Salt, related to errors in the certificate validation process, allows an attacker to carry out a “man-in-the-middle” attack.
The vulnerability of the configuration management system and the remote execution of operations in SaltStack Salt is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to information representation errors in the user interface, allow attackers to perform spear-phishing attacks.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow attackers to perform spear-phishing attacks remotely...
A vulnerability in the firmware of Moxa computing platforms of the UC-8100A-ME-T, UC-2100, UC-2100-W, UC-3100, UC-5100, UC-8100, UC-8100-ME-T, UC-8200, UC-8410A, UC-8580, and UC-8540 models is related to errors in privilege management. This vulnerability allows a malicious actor to elevate their privileges.
The vulnerability of the firmware on Moxa’s UC-8100A-ME-T, UC-2100, UC-2100-W, UC-3100, UC-5100, UC-8100, UC-8100-ME-T, UC-8200, UC-8410A, UC-8580, and UC-8540 series computing platforms (IIoT gateways) is related to privilege management errors. Exploiting this vulnerability can...
The vulnerability of the MODBUS protocol implementation in Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino allows attackers to circumvent existing security restrictions.
The vulnerability of the MODBUS protocol implementation in Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino lies in security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions using specially...
A vulnerability in the Firefox browser, related to synchronization errors when using a shared resource, allows attackers to disclose protected information.
The vulnerability of the Firefox browser is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to disclose sensitive information...
A vulnerability in the firmware of Moxa TN-5916, TN-4900, EDR-G903, EDR-G902, and EDR-810 series routers is related to errors in processing input data, which can allow an attacker to cause a denial of service.
The vulnerability of the firmware of Moxa routers, models TN-5916, TN-4900, EDR-G903, EDR-G902, and EDR-810, is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause a denial of service by sending specially crafted HTTP/HTTPS...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
First depositor can inflate share price
Lines of code Vulnerability details Impact A well-known vulnerability for ERC4626 vaults is the inflation of the share price on the first deposit. Because AutoPxGlp and AutoPxGmx use the balance of the underlying asset for totalAssets and do not have an initial minimum deposit amount, they are al...
A vulnerability in the implementation of the Point-to-Point Tunneling Protocol (PPTP) network protocol for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability of the Point-to-Point Tunneling Protocol (PPTP) implementation in Windows operating systems is related to synchronization errors when using a shared resource (a race condition). Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Microsoft Excel, Microsoft Office, and Microsoft 365 Apps for Enterprise applications relates to security configuration errors, allowing attackers to disclose protected information.
The vulnerability of Microsoft Excel, Microsoft Office, and Microsoft 365 Apps for Enterprise programs is related to security configuration errors. Exploiting this vulnerability can allow attackers to disclose sensitive information through a specially created file...
A vulnerability in the Point-to-Point Tunneling Protocol in the Windows operating system allows an attacker to execute arbitrary code.
The vulnerability of the Windows Point-to-Point Tunneling Protocol lies in synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
A vulnerability in the command interpreter of the Moxa EDR-810, EDR-G902, EDR-G903, and TN-4900 router software allows an attacker to execute arbitrary code.
The vulnerability of the command interpreter in the web service of the Moxa EDR-810, EDR-G902, EDR-G903, and TN-4900 router software is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...