Lucene search

11216 matches found

BDU FSTEC
added 2024/01/05 12:0 a.m. · 1 views

The vulnerability of the icmpping function in the universal monitoring system Zabbix allows an intruder to execute arbitrary code.

The vulnerability of the icmpping function in the Zabbix universal monitoring system is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.3 CVSS · 7.2 AI score · 0.00464 EPSS
Exploits 0 · References 6 · Affected Software 3

BDU FSTEC
added 2024/01/05 12:0 a.m. · 1 views

The vulnerability of the template mechanism in the SugarCRM system allows a perpetrator to execute arbitrary code.

The vulnerability of the template mechanism in the SugarCRM system is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafted PNG file, which contains embedded PHP code...

9 CVSS · 8.5 AI score · 0.93075 EPSS
Exploits 4 · References 4 · Affected Software 1

Tenable Nessus
added 2024/01/03 12:0 a.m. · 27 views

GitLab 12.6 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22256)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status (CVE-2021-22256). Note that Nessus has not tested fo...

5.5 CVSS · 5.7 AI score · 0.00226 EPSS
Exploits 0 · References 4

OSV
added 2023/12/29 3:15 a.m. · 3 views

CVE-2023-23430

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions...

7.5 CVSS · 5.8 AI score · 0.00079 EPSS
Exploits 0 · References 1

OSV
added 2023/12/28 9:30 p.m. · 7 views

GHSA-488M-W9FP-5MM2 Infinispan circular object references causes out of memory errors

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

7.1 CVSS · 6.3 AI score · 0.001 EPSS
Exploits 0 · References 12

GitHub Security Blog
added 2023/12/28 9:30 p.m. · 16 views

Infinispan circular object references causes out of memory errors

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

6.5 CVSS · 6.3 AI score · 0.001 EPSS
Exploits 0 · References 12 · Affected Software 1

Tenable Nessus
added 2023/12/27 12:0 a.m. · 14 views

NewStart CGSL MAIN 6.06 : gnutls Multiple Vulnerabilities (NS-SA-2023-0100)

The remote NewStart CGSL host, running version MAIN 6.06, has gnutls packages installed that are affected by multiple vulnerabilities: - An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with...

9.8 CVSS · 6.4 AI score · 0.03633 EPSS
Exploits 2 · References 9

BDU FSTEC
added 2023/12/26 12:0 a.m. · 1 views

The vulnerability of the update loader for the Plantronics Hub application allows a hacker to elevate their privileges.

The vulnerability of the application update downloader for controlling audio device settings in Plantronics Hub is related to synchronization errors when using a shared resource (race condition). Exploiting this vulnerability can allow attackers to increase their privileges...

8.8 CVSS · 5.5 AI score
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/12/26 12:0 a.m. · 4 views

PT-2023-31920 · Steve Community · Ocpp-Jaxb

Name of the Vulnerable Software and Affected Versions: SteVe Community ocpp-jaxb versions prior to 0.0.8 Description: The issue generates invalid timestamps, such as ones with month 00, in certain situations. This can occur when an application receives a StartTransaction Open Charge Point Protoco...

7.5 CVSS · 7.6 AI score · 0.00306 EPSS
Exploits 1 · References 9

CNNVD
added 2023/12/26 12:0 a.m. · 1 views

ocpp-jaxb security vulnerability

ocpp-jaxb is the Java mapping for OCPP. A security vulnerability exists in SteVe Community ocpp-jaxb versions prior to 0.0.8 that stems from an invalid timestamp being generated under certain circumstances, leading to SQL exceptions in the application and potentially compromising the integrity of...

7.5 CVSS · 7.3 AI score · 0.00306 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2023/12/26 12:0 a.m. · 2 views

The vulnerability of the scanning function of SSL/TLS-protocol-based antivirus software from ESET, including ESET NOD32, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus for Windows, ESET Endpoint Security for Windows, ESET Endpoint Antivirus for Linux, ESET Server Security for Windows Server (File Security for Microsoft Windows Server), ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Microsoft SharePoint Server, ESET File Security for Microsoft Azure, and ESET Server Security for Linux, allows attackers to bypass the security measures.

The vulnerability of the scanning function of SSL/TLS-protection in ESET NOD32 antivirus software, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate, ESET Endpoint Antivirus for Windows, ESET Endpoint Security for Windows, ESET Endpoint Antivirus for Linux, ESET Server...

7.5 CVSS · 7.5 AI score · 0.00102 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/12/25 12:0 a.m. · 1 views

The vulnerability of the TLS implementation of the RTU500 Scripting Interface for programming logic controllers from Hitachi Energy allows attackers to gain unauthorized access to protected information and perform spoofing attacks.

The vulnerability of the TLS implementation in the RTU500 Scripting Interface for programming logic controllers from Hitachi Energy relates to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information a...

7.4 CVSS · 7.1 AI score · 0.00054 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2023/12/22 12:0 a.m. · 3 views

The vulnerability of Firefox browsers, including Firefox ESR, relates to information representation errors in the user interface, which allows attackers to carry out clickjacking attacks.

The vulnerability of Firefox browsers and Firefox ESR lies in information representation errors at the user interface level. Exploiting this vulnerability allows a remote attacker to carry out a clickjacking attack...

4.7 CVSS · 6.7 AI score · 0.00857 EPSS
Exploits 0 · References 9 · Affected Software 5

BDU FSTEC
added 2023/12/21 12:0 a.m. · 1 views

The vulnerability in the isolated iframe environment of Mozilla Firefox allows a perpetrator to circumvent existing security restrictions.

The vulnerability in the isolated iframe environment of Mozilla Firefox is related to data interpretation errors. Exploiting this vulnerability can allow a remote attacker to bypass existing security restrictions...

3.1 CVSS · 6.8 AI score · 0.0014 EPSS
Exploits 0 · References 8 · Affected Software 3

Code423n4
added 2023/12/21 12:0 a.m. · 8 views

MaxHeapify: find children with large value and swap

Lines of code Vulnerability details Input Validation: - The maxHeapify function assumes that pos is a valid position within the heap. - Similar to the swap function, you should consider adding a check to verify that pos is within the bounds of your heap. requirepos size, "Invalid position...

7 AI score
Exploits 0

Code423n4
added 2023/12/21 12:0 a.m. · 12 views

Input Validation for 'createBid' Function

Lines of code Vulnerability details Potential Risk: The 'createBid' function in the contract is responsible for allowing users to place bids on a Verb auction by sending Ether. While the function includes several checks, it lacks explicit input validation for certain parameters, which could lead ...

6.9 AI score
Exploits 0

OSV
added 2023/12/20 2:15 a.m. · 4 views

CVE-2023-47703

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 271197...

5.3 CVSS · 5.8 AI score · 0.00048 EPSS
Exploits 0 · References 2

Rosalinux
added 2023/12/19 11:53 a.m. · 29 views

Advisory ROSA-SA-2023-2312

Software: java-1.8.0-openjdk 1.8.0.392.b08 OS: rosa-server79 packageevrstring: java-1.8.0-openjdk-1.8.0.392.b08-2.res7 CVE-ID: CVE-2023-22045 BDU-ID: 2023-04350 CVE-Crit: LOW CVE-DESC.: A vulnerability in the Hotspot component of the Java SE software platform and Oracle GraalVM Enterprise Edition...

5.9 CVSS · 7.2 AI score · 0.01653 EPSS
Exploits 0

Rosalinux
added 2023/12/19 8:39 a.m. · 31 views

Advisory ROSA-SA-2023-2308

Software: libarchive 3.3.3 OS: ROSA Virtualization 2.1 packageevrstring: libarchive-3.3.3.3-5.0.1.rv3.src.rpm CVE-ID: CVE-2018-1000879 BDU-ID: 2020-01816 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the archiveaclfromtextlins function of the libarchive library is related to NULL pointer...

6.5 CVSS · 6.8 AI score · 0.00689 EPSS
Exploits 0

OSV
added 2023/12/19 12:15 a.m. · 4 views

AZL-32199 CVE-2023-6918 affecting package libssh for versions less than 0.10.6-1

A flaw was found in libssh's abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of the...

5.3 CVSS · 6.5 AI score · 0.00363 EPSS
Exploits 0 · References 1