11191 matches found
The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a hacker to circumvent security restrictions.
The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent security restrictions...
Vulnerability of the Node.js software platform’s Relative Distinguished Name (RDN) component, which allows attackers to perform spoofing attacks
The vulnerability of the Relative Distinguished Name RDN component in the Node.js software platform is related to errors in the certificate validation process. Exploiting this vulnerability allows attackers to perform spear-phishing attacks remotely...
The vulnerability of the Modern Execution Server component for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Modern Execution Server component for Windows operating systems is related to errors in code generation control. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
flynn/noise has improper nonce handling yielding potential state DoS
The Go package github.com/flynn/noise, a Noise Protocol implementation, has two bugs in nonce handling in versions prior to v1.0.0. Issue 1: Potential nonce overflow. If 2^64 (~18.4 quintillion) or more messages are encrypted with Encrypt after handshaking, the nonce counter will wrap around, causing...
PT-2022-17143 · Jenkins · Jenkins Doktor Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Doktor Plugin version 0.4.1 and earlier. Description: The issue allows attackers who can control agent processes to determine whether a file with a given name exists on the controller, by exploiting the functionality that renders files...
Business Logic Errors in microweber/microweber
Description: The product is vulnerable to a business logic error through a negative product amount. Proof of Concept: Step 1: Log in to the application, navigate to Shops - Products - Add Product. Step 2: Fill in all the required details with the Pricing parameter as -100 and click on save. Here an item is...
The vulnerability of the Windows Certificate component in Windows operating systems allows attackers to carry out spoofing attacks.
The vulnerability of the Windows Certificate component in Windows operating systems is related to errors in the certificate validation process. Exploiting this vulnerability can allow attackers to carry out spoofing attacks...
MCS catalog creation fails when using dedicated host
Administrators may encounter the following error message when using MCS with Amazon AWS hosting connections: Transaction ID: XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX Action Name: MCAddMachineInitialzation Exception: : Domain name\machine-name$, Failed to create the virtual machine; Domain...
The vulnerability of the Windows Extensible Firmware Interface in the Windows operating system allows a hacker to perform a system shutdown.
The vulnerability of the Windows Extensible Firmware Interface in the Windows operating system is related to authentication errors when accessing files in the EFI partition. Exploiting this vulnerability can allow an attacker to perform a denial-of-service attack...
Publify Business Logic Errors
Publify (formerly known as Typo) prior to version 9.2.7 is vulnerable to business logic errors...
Xwiki Platform input validation error vulnerability
Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to input validation errors, which can be exploited by attackers to redirect users to malicious sites for phishing and other attacks...
Business Logic Errors in Publify
Publify (formerly known as Typo) prior to version 9.2.7 is vulnerable to business logic errors...
CVE-2022-0524
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...
Code injection
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...
CVE-2022-0524
CVE-2022-0524 concerns business logic errors in Publify (Typo) prior to version 9.2.7. Multiple sources confirm the issue affects the Publify repository and Rubygems packaging, with remediation to update to 9.2.7 or later. The available documents describe the vulnerability class as business logic...
CVE-2022-0524 Business Logic Errors in publify/publify
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...
OPENSUSE-SU-2022:0283-1 Security update for samba
CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; bso14911; bsc1193690; - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; bso14914; bsc1194859; - CVE-2022-0336: Samba AD users...