11215 matches found

BDU FSTEC
added 2022/11/17 12:0 a.m., 2 views

The vulnerability of the Netlogon Remote Protocol (MS-NRPC) implementation in Windows operating systems allows a hacker to increase their privileges.

The vulnerability of the Netlogon Remote Protocol MS-NRPC implementation in Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

CVSS: 8.1, AI score: 6.8, EPSS: 0.00464
Exploits: 0, References: 11, Affected Software: 4

BDU FSTEC
added 2022/11/17 12:0 a.m., 1 view

The vulnerability of the BitLocker Device Encryption security function in Windows operating systems allows attackers to circumvent security restrictions.

The vulnerability of the BitLocker Device Encryption security function in Windows operating systems is related to security configuration errors. Exploiting this vulnerability could allow a hacker to circumvent security restrictions...

CVSS: 4.9, AI score: 6.4, EPSS: 0.02265
Exploits: 1, References: 3

BDU FSTEC
added 2022/11/16 12:0 a.m., 1 view

The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird, related to information representation errors in the user interface, allow attackers to perform spear-phishing attacks.

The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow attackers to perform spear-phishing attacks by making a series of pop-up windows and calls to...

CVSS: 9.4, AI score: 6.9, EPSS: 0.00187
Exploits: 0, References: 11, Affected Software: 6

RedHat Linux
added 2022/11/15 11:55 a.m., 0 views

kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00037
Exploits: 0, References: 4

BDU FSTEC
added 2022/11/15 12:0 a.m., 3 views

The vulnerability in the implementation of the Point to Point Tunneling Protocol (PPTP) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Point to Point Tunneling Protocol PPTP implementation in Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted PPTP packe...

CVSS: 8.1, AI score: 8.4, EPSS: 0.00754
Exploits: 0, References: 3

BDU FSTEC
added 2022/11/15 12:0 a.m., 1 view

The vulnerability of the Mark of the Web operating system mechanism allows a hacker to circumvent existing security restrictions.

The vulnerability of the Mark of the Web operating system mechanism is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

CVSS: 6.4, AI score: 6.9, EPSS: 0.13227
Exploits: 0, References: 3

BDU FSTEC
added 2022/11/15 12:0 a.m., 1 view

The vulnerability in the functionality of Windows for connected users and telemetry allows a perpetrator to enhance their privileges.

The vulnerability of the functional capabilities for connected users and telemetry in the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS: 7, AI score: 7.1, EPSS: 0.0031
Exploits: 0, References: 3

BDU FSTEC
added 2022/11/15 12:0 a.m., 2 views

The vulnerability of Microsoft SharePoint Foundation, SharePoint Server, and SharePoint Enterprise Server lies in information representation errors in the user interface, which allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft SharePoint Foundation, SharePoint Server, and SharePoint Enterprise Server relates to information display errors in the user interface. Exploiting this vulnerability can allow an attacker to perform spear-phishing attacks remotely...

CVSS: 6.8, AI score: 6.9, EPSS: 0.1834
Exploits: 0, References: 3

BDU FSTEC
added 2022/11/15 12:0 a.m., 1 view

The vulnerability of the Advanced Local Procedure Call (ALPC) handler in the Windows operating system allows attackers to escalate their privileges.

The vulnerability of the Advanced Local Procedure Call ALPC in the Windows operating system arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS: 7, AI score: 7.1, EPSS: 0.05786
Exploits: 0, References: 3

BDU FSTEC
added 2022/11/15 12:0 a.m., 3 views

The vulnerability of the Point-to-Point Tunneling Protocol network protocol implementation in the Windows operating system allows a hacker to induce a service failure.

The vulnerability of the Point-to-Point Tunneling Protocol network protocol implementation in the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to remotely cause service failures...

CVSS: 5.9, AI score: 6.8, EPSS: 0.00588
Exploits: 0, References: 2

OSV
added 2022/11/14 7:34 p.m., 4 views

USN-5723-1 vim vulnerabilities

It was discovered that Vim could be made to crash when searching specially crafted patterns. An attacker could possibly use this to crash Vim and cause denial of service. CVE-2022-1674 It was discovered that there existed a NULL pointer dereference in Vim. An attacker could possibly use this to...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00592
Exploits: 9, References: 10

OSV
added 2022/11/14 6:36 p.m., 10 views

GSD-2022-1006738 btrfs: scrub: properly report super block errors in system log

btrfs: scrub: properly report super block errors in system log This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

AI score: 7.2
Exploits: 0

BDU FSTEC
added 2022/11/14 12:0 a.m., 1 view

The vulnerability of the CNG Key Isolation service in the Windows operating system allows a hacker to gain increased privileges.

The vulnerability of the CNG Key Isolation service in the Windows operating system is related to errors in the code. Exploiting this vulnerability can allow an attacker to gain increased privileges...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00704
Exploits: 0, References: 5

Positive Technologies
added 2022/11/14 12:0 a.m., 1 view

PT-2022-34993 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns the btrfs scrub feature, which fails to properly report super block errors in the system log. This could potentially lead to security vulnerabilities, although the actual...

AI score: 7.3
Exploits: 0, References: 1

BDU FSTEC
added 2022/11/14 12:0 a.m., 2 views

The vulnerability of the Windows Photo Import API of the Microsoft Windows operating system allows a perpetrator to gain unauthorized access to protected information and enhance their privileges.

The vulnerability of the Windows Photo Import API of the Microsoft Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information and increase their privileges...

CVSS: 7, AI score: 7.2, EPSS: 0.00267
Exploits: 0, References: 2

Code423n4
added 2022/11/14 12:0 a.m., 5 views

Upgraded Q -> M from #471 [1668464969039]

Judge has assessed an item in Issue 471 as M risk. The relevant finding follows: The whole report...

AI score: 7
Exploits: 0

OSV
added 2022/11/11 11:4 a.m., 2 views

OESA-2022-2082 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS: 7.8, AI score: 7.2, EPSS: 0.0023
Exploits: 2, References: 4

BDU FSTEC
added 2022/11/11 12:0 a.m., 2 views

The vulnerability in the implementation of the Point to Point Tunneling Protocol (PPTP) network protocol in the Microsoft Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Point to Point Tunneling Protocol PPTP implementation in the Microsoft Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially craft...

CVSS: 8.1, AI score: 8.2, EPSS: 0.11998
Exploits: 0, References: 2

BDU FSTEC
added 2022/11/11 12:0 a.m., 3 views

The vulnerability in the `QuickTimeVideo::userDataDecoder` function of the `quicktimevideo.cpp` file in the library and command-line utilities for managing image metadata with the Exiv2 library allows a hacker to execute arbitrary code.

The vulnerability of the QuickTimeVideo::userDataDecoder function in the quicktimevideo.cpp file of the Exiv2 image metadata management library and command-line utilities is related to pointer aliasing errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS: 7.8, AI score: 6.8
Exploits: 0, References: 4, Affected Software: 2

BDU FSTEC
added 2022/11/09 12:0 a.m., 1 view

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

CVSS: 7.6, AI score: 7.6, EPSS: 0.01367
Exploits: 1, References: 2