PT-2022-16140 · Unknown · M1K1O/Blog

Name of the Vulnerable Software and Affected Versions: m1k1o/blog affected versions not specified Description: The issue concerns a lightweight self-hosted PHP blog, where errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload...

PT-2022-1674 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Windows Common Log File System Driver, which can be exploited due to errors in security...

PT-2022-13238 · Rubygems +1 · Rubygems +1

Name of the Vulnerable Software and Affected Versions: Publify versions prior to 9.2.7 Description: The issue concerns business logic errors in the Publify repository. This affects the Rubygems typo package as well. There is no information provided about the estimated number of potentially affect...

Yokogawa Vnet/IP Open Communication Driver Resource Management Errors (CVE-2018-16196)

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver CENTUM CS 3000R3.05.00 - R3.09.50, CENTUM CS 3000 Entry ClassR3.05.00 - R3.09.50, CENTUM VPR4.01.00 - R6.03.10, CENTUM VP Entry ClassR4.01.00 - R6.03.10, ExaopcR3.10.00 - R3.75.00, PRMR2.06.00 - R3.31.00, ProSafe-RSR1.02.00...

Schneider Electric Modicon Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-7851)

CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmware prior to V2.50, Modicon M340 with firmware prior to V3.01, BMxCRA312xx with firmware prior to V2.40, All firmware versions of Modicon Premium and 140CRA312xxx when sending a specially crafted Modbus packet, which could caus...

The vulnerability of the Windows operating system’s kernel, related to errors in code generation, allows a hacker to execute arbitrary code.

The vulnerability of the Windows operating system’s kernel is related to errors in code generation control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the target system...

The vulnerability of the Windows HTML Platform component of the Windows operating system, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of the Windows HTML Platform component of the Windows operating system is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions remotely...

Mitsubishi Electric MELSEC iQ-R Resource Management Errors (CVE-2020-5658)

Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before,...

Schneider Electric Modicon Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-7838)

A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FT...

Emerson OSE Credentials Management Errors (CVE-2013-0694)

The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...

Business Logic Errors in SilverStripe Framework

SilverStripe Framework prior to version 4.10.1 is vulnerable to business logic errors...

PT-2022-1889 · Microsoft · Visual Studio Code

Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: The issue is related to errors in the representation of information by the user interface, allowing a remote attacker to conduct spoofing attacks. Recommendations: At the moment,...

PT-2022-1980

Name of the Vulnerable Software and Affected Versions Microsoft Word affected versions not specified Description The issue is related to errors in security settings of Microsoft Office and Microsoft 365 Apps for Enterprise packages, which can allow an attacker to bypass security features...

SUSE-SU-2022:0325-1 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3)

This update for the Linux Kernel 4.4.180-94141 fixes several issues. The following security issues were fixed: - CVE-2018-25020: Fixed an issue in the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial...

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server lies in information representation errors in the user interface, which allows attackers to perform spoofing attacks.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server relates to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks using specially...

PT-2022-1361 · Google +4 · Android Kernel +4

Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue is related to the mmc blk read single function in block.c, which can lead to local information disclosure due to uninitialized data. This could happen when reading...

Business Logic Errors in publify/publify

Description It was found that if a user tries to create an article, and want to make that article private, the functionality is not working. Proof of Concept 1. Create an article 2. Click on publish and you will see the option to visibility to make it private, but functionality is not designed...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5268-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5268-1 advisory. Keyu Man discovered that the ICMP implementation in the Linux kernel did not properly handle received ICMP error packets. A remote attacker...

How to resolve certificate errors encountered after an upgrade of the ELM

Unable to create layers after an upgrade, One of the below errors is seen. "The issuing certificate does not have a usable private key" "Certificate doesn't contain private key"...

resource-agents bug fix and enhancement update

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability HA environment. Bug Fixes and Enhancements: gcp-vpc-move-vip, gcp-vpc-move-route, gcp-pd-move: A failed...