11197 matches found

Cvelist
added 2022/05/20 12:0 a.m. | 23 views

CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 8.2 | AI score 8.2 | EPSS 0.04183
Exploits: 1 | References: 5
BDU FSTEC
added 2022/05/20 12:0 a.m. | 2 views

Microsoft Edge’s vulnerability, related to security configuration errors, allows attackers to escalate their privileges.

The vulnerability of Microsoft Edge is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 7.5 | AI score 7.1 | EPSS 0.03993
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2022/05/20 12:0 a.m. | 1 view

The vulnerability of the microprogrammed software of the Surface Pro 3 touchscreen display, related to authentication errors, allows an intruder to circumvent existing security restrictions.

The vulnerability of the microprogrammed sensor display software in the Surface Pro 3 is related to authentication errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

CVSS 6.1 | AI score 6.2 | EPSS 0.00414
Exploits: 0 | References: 3
BDU FSTEC
added 2022/05/20 12:0 a.m. | 1 view

The vulnerability in the implementation of the vim_regexec_string() function in the Vim text editor allows a hacker to trigger a service failure.

The vulnerability of the vim_regexec_string function in the Vim text editor is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 6.6 | AI score 6.9 | EPSS 0.0052
Exploits: 1 | References: 14 | Affected Software: 5
BDU FSTEC
added 2022/05/20 12:0 a.m. | 1 view

The vulnerability of the Microsoft Office software package, related to security configuration errors, allows attackers to disclose sensitive information.

The vulnerability of the Microsoft Office suite is related to security configuration errors. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by the system’s security measures...

CVSS 5.5 | AI score 6.5 | EPSS 0.05845
Exploits: 0 | References: 4 | Affected Software: 1
AlpineLinux
added 2022/05/20 12:0 a.m. | 593 views

CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 8.2 | AI score 8.1 | EPSS 0.04183
Exploits: 1
BDU FSTEC
added 2022/05/20 12:0 a.m. | 1 view

The vulnerability of the u32_change() function in the link counter component of the Linux kernel’s net/sched module allows an attacker to elevate their privileges to root level.

The vulnerability of the u32_change function, which is used by the link counter in the net/sched component of the Linux operating system’s kernel, is related to errors during link counter updates. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

CVSS 7.8 | AI score 6.5 | EPSS 0.00185
Exploits: 1 | References: 39 | Affected Software: 6
OSV
added 2022/05/20 12:0 a.m. | 37 views

CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 8.2 | AI score 7.2 | EPSS 0.04183
Exploits: 1 | References: 11
BDU FSTEC
added 2022/05/20 12:0 a.m. | 1 view

Microsoft Edge’s vulnerability, related to security configuration errors, allows attackers to escalate their privileges.

The vulnerability of Microsoft Edge is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 8.5 | AI score 7.2 | EPSS 0.01391
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2022/05/20 12:0 a.m. | 7 views

CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 8.2 | AI score 8.3 | EPSS 0.04183
Exploits: 1 | References: 5
Debian CVE
added 2022/05/20 12:0 a.m. | 50 views

CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 8.2 | AI score 6.6 | EPSS 0.04183
Exploits: 1
ATTACKERKB
added 2022/05/19 6:15 p.m. | 4 views

CVE-2022-1416

Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling...

CVSS 5.4 | AI score 5.9 | EPSS 0.00153
Exploits: 1 | References: 4 | Affected Software: 1
OpenVAS
added 2022/05/19 12:0 a.m. | 41 views

Apple Mac OS X Security Update (HT213255)

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 9.8 | AI score 8.2 | EPSS 0.86227
Exploits: 12 | References: 3
CNVD
added 2022/05/19 12:0 a.m. | 12 views

Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-38753)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. Pimcore suffers from a cross-site scriptin...

CVSS 9 | AI score 2.8 | EPSS 0.00027
Exploits: 1 | References: 1
Tenable Nessus
added 2022/05/18 12:0 a.m. | 24 views

HTTP Parameter Pollution

HTTP Parameter Pollution exploits the possibility of including several parameters with the same name in an HTTP request, or of including a new encoded parameter. Depending on the web server, the parameters will be parsed in a different way, i.e. parsing only the first/last occurrence of the...

AI score 7.2
Exploits: 0 | References: 1
BDU FSTEC
added 2022/05/18 12:0 a.m. | 1 view

The vulnerability of the RubyGems.org hosting service, related to authentication errors, allows a perpetrator to gain access to create, modify, or delete data.

The vulnerability of the RubyGems.org hosting service is related to authentication errors during data copying. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to create, modify, or delete data...

CVSS 10 | AI score 7.4 | EPSS 0.00572
Exploits: 0 | References: 4
OpenVAS
added 2022/05/18 12:0 a.m. | 18 views

Debian: Security Advisory (DLA-3012-1)

The remote host is missing an update for the Debian...

CVSS 6.5 | AI score 7.5 | EPSS 0.00074
Exploits: 5 | References: 4
Tenable Nessus
added 2022/05/18 12:0 a.m. | 45 views

Oracle Linux 8 : kernel (ELSA-2022-1988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory. - netfilter: nf_tables_offload: incorrect flow offload action array size Florian Westphal 2056728 CVE-2022-25636 - RDMA/cma: Do not change...

CVSS 9.8 | AI score 7.4 | EPSS 0.54322
Exploits: 28 | References: 39
BDU FSTEC
added 2022/05/17 12:0 a.m. | 2 views

The vulnerability of the Windows operating system’s kernel allows attackers to enhance their privileges.

The vulnerability of Windows operating system kernels arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 7 | AI score 7.1 | EPSS 0.00384
Exploits: 0 | References: 4
BDU FSTEC
added 2022/05/17 12:0 a.m. | 2 views

The vulnerability of the AWS VPN Client service, related to synchronization errors when using a shared resource, allows a perpetrator to escalate their privileges or cause a service failure.

The vulnerability of the AWS VPN Client is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges or cause service interruptions...

CVSS 7.3 | AI score 6.5 | EPSS 0.0114
Exploits: 2 | References: 3 | Affected Software: 1