The vulnerability of the Dovecot mail server’s passdb account database allows a hacker to escalate their privileges.
The vulnerability of the Dovecot mail server’s passdb account database is related to configuration errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
Valinor security vulnerability
Valinor is a PHP library that helps map any input to a strongly typed value object structure. A security vulnerability exists in Valinor versions prior to 0.12.0, which stems from the fact that Valinor can be used without privileges to, for example, display SQL exceptions for SQL fragments, displ...
Oracle data feeds are insufficiently validated
Vulnerability details. Impact: If the oracle price feeds are insufficiently validated, there will be pricing errors leading to the mispricing of assets. Proof of Concept: The JBSingleTokenPaymentTerminalStore and abstract JBPayoutRedemptionPaymentTerminal both rely on their respective...
The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process, allowing attackers to execute a “man-in-the-middle” attack.
The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process for certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
PT-2022-6930 · Eclipse · Eclipse Jetty
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 10.0.0 through 10.0.9 Eclipse Jetty versions 11.0.0 through 11.0.9 Description: The issue is related to the SslConnection component of the Eclipse Jetty servlet container, which is associated with resource release error...
The vulnerability of the Android EMUI operating system and the HarmonyOS operating system, related to pointer assignment errors, allows attackers to trigger service interruptions.
The vulnerability of the Android EMUI operating system and the HarmonyOS operating system is related to pointer assignment errors. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems mobile device lifecycle management system allows attackers to enhance their privileges.
The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems lifecycle management system is related to errors in link processing before accessing a file, as well as deserialization of the PendingDynamicLinkData structure from the Intent Extra array with the key...
The vulnerability of Xen hypervisors arises from synchronization errors when using shared resources, allowing a perpetrator to execute arbitrary code.
The vulnerability of Xen hypervisors is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the AtomicReferenceArray class implementation in the Concurrency component of the Java Runtime Environment allows a malicious actor to trigger a service failure.
The vulnerability of the AtomicReferenceArray class implementation in the Java Runtime Environment concurrency component is related to errors in object type handling. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
Upgraded Q -> M from 139 [1656985204675]
Judge has assessed an item in Issue 139 as Medium risk. The relevant finding follows: 1. Buyouts that occur during the timestamp wrap will have valuation errors The blockTimestamp has a modulo applied, so at some point, there will be a timestamp with a value close to 2^32, followed by a timestamp...
Upgraded Q -> M from 164 [1657055445786]
Judge has assessed an item in Issue 164 as Medium risk. The relevant finding follows: ...
CVE-2022-29892
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS)...
[SECURITY] Fedora 36 Update: golang-github-pelletier-toml-1.9.4-2.fc36
Go-toml provides the following features for using data parsed from TOML documents: - Load TOML documents from files and string data - Easily navigate TOML structure using Tree - Marshaling and unmarshaling to and from data structures - Line & column position data for all parsed elements - Query...
The vulnerability in the CDisplayPointer class implementation of the Microsoft Internet Explorer browser allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the CDisplayPointer class implementation in Microsoft Internet Explorer is related to resource management errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...
DEBIAN-CVE-2022-33099
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
AZL-10045 CVE-2022-33099 affecting package lua for versions less than 5.4.3-4
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
AZL-41192 CVE-2022-33099 affecting package ntopng for versions less than 5.2.1-4
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
UBUNTU-CVE-2022-33099
An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
ROS-20220701-01
Vim text editor vulnerability is related to boundary conditions in textobject.c. Exploitation: The vulnerability could allow a remote attacker to create a special file, trick the victim into opening it, cause a read error outside the boundaries, and read the memory contents...
The vulnerability of the ExpressLRS radio control system, related to errors in the code, allows an intruder to intercept the value of the UID identifier and gain full control over the device.
The vulnerability of the ExpressLRS radio control system is related to errors in the code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to intercept the UID identifier and gain full control over the device...