The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the Cluster Shared Volumes (CSV) file system for Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges and gain unauthorized access to protected information...
The vulnerability of the ClamAV antivirus software library and the Cisco AMP security tool for end devices allows a perpetrator to trigger a service failure.
The vulnerability of the ClamAV antivirus software library and the Cisco AMP tool for protecting against malicious software in end devices is related to resource management errors during CHM file syntax analysis. Exploiting this vulnerability can allow a remote attacker to cause service...
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of Windows Push Notification apps allows attackers to escalate their privileges.
The vulnerability of Windows Push Notification apps is related to synchronization errors when using shared resources (race conditions). Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the implementation of the VPN Secure Sockets Layer (SSL) function in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows an attacker to cause service interruptions.
The vulnerability of the implementation of the VPN Secure Sockets Layer (SSL) function in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) is related to resource management errors. Exploiting this vulnerability c...
Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
Microsoft is alerting customers that its May Patch Tuesday update is causing authentication errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue. The warning comes amid shared reports of multiple services and...
Citrix Hypervisor 8.2 : MCS Catalog update deletes Target base disks.
Xenserver audit.log throws ERROR:NOTSUPPORTEDDURINGUPGRADE Mar 30 02:38:59 XXXXX xapi: 20220330T00:38:59.214Z|audit||8715 HTTP 10.1.XX.XX-:::80|VDI.setonboot R:780016cf9118|audit 'trackid=39b4363b70f699b0ab419280ab8b4fe2' 'S-1-XXXX-XX-XX-8' 'XX\\XXXXX' 'ALLOWED' 'ERROR:NOTSUPPORTEDDURINGUPGRADE :...
Cross-site Scripting (XSS)
Overview: phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through various components, including specially crafted table names, logbin directive configuration, AJAX error handling, and features such as...
Expected Behavior Violation in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...
GHSA-9HG2-395J-83RM Expected Behavior Violation in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...
The vulnerability of the input protection mechanism in Cisco Firepower Management Center (FMC) software allows a hacker to disclose the protected information.
The vulnerability of the input protection mechanism in Cisco Firepower Management Center (FMC) software is related to errors in processing incoming data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Adobe InDesign < 16.4.2 / 17.0 < 17.2.0 Multiple Arbitrary code execution (APSB22-23)
The version of Adobe InDesign installed on the remote Windows host is prior to 16.4.2, 17.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-23 advisory. - Adobe InDesign versions 17.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds write...
USN-5417-1 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive...
USN-5415-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-27820) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor...
missing input validation for _liquidityPool
189 comment Warden: kenta missing input validation for liquidityPool. The owner can always change liquidityPool, but this liquidityPool will be used to execute low-level calls. To avoid errors with an empty address this must always be checked. require(liquidityPool != address(0), “liquidityPool canno...
The vulnerability of the PlayTo Manager component for Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the PlayTo Manager component for Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers allows an attacker to disclose protected information by executing side-channel attacks.
The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers is related to data encryption errors. Exploiting this vulnerability can allow attackers to disclose sensitive information by launching attacks through secondary channel...