11198 matches found

OSV
added 2022/06/02 6:5 p.m. · 14 views

CVE-2022-31023 Dev error stack trace leaking into prod in Play Framework

Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by...

CVSS 5.9 · AI score 7.6 · EPSS 0.0043
Exploits 0 · References 5
NVD
added 2022/06/02 2:15 p.m. · 17 views

CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding...

CVSS 9.8 · EPSS 0.00323
Exploits 0 · References 7
OSV
added 2022/06/02 2:15 p.m. · 1 views

DEBIAN-CVE-2022-31799

Bottle before 0.12.20 mishandles errors during early request binding...

CVSS 9.8 · AI score 7.9 · EPSS 0.00323
Exploits 0 · References 1
OSV
added 2022/06/02 11:3 a.m. · 2 views

OESA-2022-1691 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002) In the Linux kernel before 5.17.3,...

CVSS 8.2 · AI score 4.7 · EPSS 0.00695
Exploits 5 · References 9
BDU FSTEC
added 2022/06/02 12:0 a.m. · 2 views

The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices allows a perpetrator to escalate their privileges or execute arbitrary commands.

The vulnerability of the CLI component of the Cisco IOS XE operating system for Cisco Catalyst 9000 Series network devices is related to privilege assignment errors. Exploiting this vulnerability can allow an attacker to enhance their privileges or execute arbitrary commands...

CVSS 7.8 · AI score 6.8 · EPSS 0.00116
Exploits 0 · References 2
Positive Technologies
added 2022/05/31 12:0 a.m. · 2 views

PT-2022-2789 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based Description: The issue is related to synchronization errors when using a shared resource, allowing a remote attacker to potentially elevate their privileges. Recommendations: At the moment, there is no informatio...

CVSS 8.3 · AI score 6.6 · EPSS 0.00866
Exploits 0 · References 10
BDU FSTEC
added 2022/05/31 12:0 a.m. · 3 views

The vulnerabilities of OPC UA data transfer specification implementations in industrial networks, related to pointer dereferencing errors, allow attackers to trigger service failures.

The vulnerability of OPC UA data transmission implementations in industrial networks is related to pointer dereferencing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 3.5 · AI score 6.5 · EPSS 0.00522
Exploits 1 · References 5
Positive Technologies
added 2022/05/31 12:0 a.m. · 2 views

PT-2022-2879 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in Microsoft Edge. It may allow a remote attacker to elevate their privileges...

CVSS 8.3 · AI score 6.5 · EPSS 0.00866
Exploits 0 · References 10
BDU FSTEC
added 2022/05/31 12:0 a.m. · 1 views

The vulnerability of the diagnostic data collection and troubleshooting tool from Microsoft Support Diagnostics Tool for Windows operating systems, related to errors in processing the invoked URL address, allows a perpetrator to execute arbitrary code with privileges of the invoking application.

The vulnerability of the Microsoft Support Diagnostics Tool for collecting diagnostic data and troubleshooting issues on Windows operating systems is related to errors in processing the requested URL. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with privileges...

CVSS 10 · AI score 8 · EPSS 0.93596
Exploits 61 · References 5
Redos
added 2022/05/30 12:0 a.m. · 43 views

ROS-20220530-03

Vulnerability of Array method of Mozilla Firefox and Mozilla Firefox ESR browsers and Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code...

CVSS 8.8 · AI score 8.8 · EPSS 0.67932
Exploits 0
Code423n4
added 2022/05/29 12:0 a.m. · 7 views

Upgraded Q -> M from 94 [1653831846680]

Judge has assessed an item in Issue 94 as Medium risk. The relevant finding follows: ---

AI score 7
Exploits 0
Code423n4
added 2022/05/28 12:0 a.m. · 13 views

BathToken with initial liquidity of 1 wei causes very expensive share price leading to precision errors and loss of funds

Lines of code Vulnerability details Impact The creator of a new BathToken is able to maliciously manipulate the share price by providing lowest possible amount 1 wei of liquidity initialLiquidityNew and then artificially blowing up the BathToken token balance. Following depositors will lose thei...

AI score 6.8
Exploits 0
OPENSUSE Linux
added 2022/05/27 12:0 a.m. · 44 views

Security update for libredwg (moderate)

SUSE Security Update: Security update for libredwg Announcement ID: openSUSE-SU-2022:0149-1 Rating: moderate References: 1193372 1194767 Cross-References: CVE-2021-28237 CVE-2022-21658 CVSS scores: CVE-2022-21658 NVD : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-21658 SUSE: 6.2...

CVSS 6.2 · AI score 7.5 · EPSS 0.00906
Exploits 2 · References 2
BDU FSTEC
added 2022/05/26 12:0 a.m. · 1 views

The vulnerability of Windows Hyper-V’s hardware virtualization technology allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Windows Hyper-V hardware virtualization system in Windows operating systems is related to errors in information processing. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information remotely...

CVSS 6.8 · AI score 6.9 · EPSS 0.11036
Exploits 0 · References 3
BDU FSTEC
added 2022/05/26 12:0 a.m. · 1 views

The vulnerability of the Windows operating system’s kernel allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Windows operating system’s kernel is related to errors in information processing. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...

CVSS 5.5 · AI score 6.8 · EPSS 0.05889
Exploits 1 · References 3
BDU FSTEC
added 2022/05/26 12:0 a.m. · 2 views

The vulnerability of the Storage Spaces Direct distributed storage function in the Microsoft Windows operating system allows a hacker to exploit their privileges.

The vulnerability of the Storage Spaces Direct distributed storage function in the Microsoft Windows operating system is related to synchronization errors when using shared resources (“Race Conditions”). Exploiting this vulnerability can allow an attacker to gain increased privileges...

CVSS 7 · AI score 7.2 · EPSS 0.00309
Exploits 0 · References 3
BDU FSTEC
added 2022/05/26 12:0 a.m. · 2 views

The vulnerability of the Windows iSCSI Target service allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Windows iSCSI Target service for Windows operating systems is related to errors in information processing. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 6.8 · AI score 6.9 · EPSS 0.15947
Exploits 0 · References 3
Github Security Blog
added 2022/05/25 12:0 a.m. · 31 views

Business Logic Errors in Para

Para prior to version 1.46.0 is vulnerable to business logic errors. A user can create more than one app, even after they reach the app limit...

CVSS 9 · AI score 3.2 · EPSS 0.00363
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/05/25 12:0 a.m. · 16 views

GHSA-4793-8WWH-JXXR Business Logic Errors in Para

Para prior to version 1.46.0 is vulnerable to business logic errors. A user can create more than one app, even after they reach the app limit...

CVSS 5.3 · AI score 5.1 · EPSS 0.00363
Exploits 1 · References 4
Github Security Blog
added 2022/05/24 10:21 p.m. · 27 views

AttesterSlashing number overflow

Impact Possible consensus split given maliciously-crafted AttesterSlashing or ProposerSlashing being included on-chain. Since we represent uint64 values as native JavaScript numbers, there is an issue when those variables with large (greater than 2^53) uint64 values are included on chain. In those...

CVSS 7.5 · AI score 7.2 · EPSS 0.0042
Exploits 0 · References 5 · Affected Software 1