11191 matches found
The vulnerability of the Yokogawa CENTUM VP SCADA system, related to errors in the code, allows an intruder to execute arbitrary commands.
The vulnerability of the Yokogawa CENTUM VP SCADA system is related to errors in the code. Exploiting this vulnerability allows an intruder to execute arbitrary code by modifying the project files and injecting their own code into them, which will be executed upon a specified event...
The vulnerability of the BitLocker data protection function of the Microsoft Windows operating system, which allows a hacker to bypass the authentication process
The vulnerability of the BitLocker data protection function in the Microsoft Windows operating system is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass the authentication process...
PT-2022-4165 · Xen +5 · Xen +5
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is caused by synchronization errors when using shared resources in components of the Xen hypervisor, including blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, a...
PT-2022-4540 · Unknown +5 · Xen Hypervisor +5
Name of the Vulnerable Software and Affected Versions: Xen hypervisor (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the blkfront driver of the Xen hypervisor. Exploitation of this issue may allow an attacker to cause a...
The vulnerability of the Autofill function implementation in the Google Chrome browser allows attackers to disclose protected information.
The vulnerability of the Autofill function in Google Chrome browser is related to errors in information representation by the user interface. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information through a specially crafted HTML page...
The vulnerability of the `copy_page_to_iter_pipe` and `push_pipe` functions in the Linux operating system allows a hacker to overwrite the contents of page cache for arbitrary files.
The vulnerability of the `copy_page_to_iter_pipe` and `push_pipe` functions in the Linux operating system is related to errors in permission storage. Exploiting this vulnerability could allow an attacker to rewrite the contents of page cache for arbitrary files...
PT-2022-1968 · Microsoft · Windows Mshtml Platform +1
Name of the Vulnerable Software and Affected Versions: Windows HTML Platforms (affected versions not specified). Description: The issue is related to errors in security settings, allowing a remote attacker to disclose protected information. It is a security-feature bypass vulnerability that affects...
PT-2022-4166 · Xen +5 · Xen +5
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the xenbus component of the Xen hypervisor. Exploitation of this issue may allow an attacker to cause a denial of...
PT-2022-4330 · Unknown +5 · Xen Hypervisor +5
Name of the Vulnerable Software and Affected Versions: Xen hypervisor (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the gntalloc driver of the Xen hypervisor. Exploitation of this issue may allow an attacker to cause a...
CVE-2021-40846
An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP to check, and request, updates. Thus, attackers can man-in-the-middle a victim to download a malicious binary in place of the real update, with no SSL errors or warnings...
Free HermeticRansom Ransomware Decryptor Released
A free decryptor is out to unlock a ransomware found piggybacking on the HermeticWiper data wiper malware that ESET and Broadcom’s Symantec discovered targeting machines at financial, defense, aviation and IT services outfits in Ukraine, Lithuania and Latvia last week. The fact that there was...
The vulnerability of the SELECT_LEX::nest_level component of the MariaDB database management system allows an attacker to cause a service failure.
The vulnerability of the SELECT_LEX::nest_level component of the MariaDB database management system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the NETGEAR RAX200 router’s built-in software, related to code errors, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the NETGEAR RAX200 router’s built-in software is related to errors in the code. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...
ROS-20220304-01
Vulnerability in snapd, the snap package management daemon, related to insufficient validation of snapd content interface and layout paths. Exploitation of the vulnerability could allow an attacker to enforce arbitrary AppArmor policy rules through a corrupted content interface and layout declaration...
PYSEC-2022-164
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...
The vulnerability of the QNX Neutrino operating system’s kernel allows a perpetrator to escalate their privileges.
The vulnerability of the QNX Neutrino operating system’s kernel is related to privilege management errors. Exploiting this vulnerability can allow an attacker to increase their privileges...
Business Logic Errors
microweber/microweber is vulnerable to business logic errors. The vulnerability exists in updatecart function of CartManager.php due to missing validations which allows an attacker to exploit the flaw...
The vulnerability of the CmActLicense component in the CodeMeter license management application allows a violator to rename any files at will.
The vulnerability of the CmActLicense component in the CodeMeter license management application is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to rename arbitrary files remotely...
ROS-2-708
2.708 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
CVE-2022-0746
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0...