11216 matches found
The vulnerability of the Honeywell ProWatch software platform for remote monitoring and control of buildings, related to data processing errors, allows an intruder to execute arbitrary code.
The vulnerability of the Honeywell ProWatch software platform for remote monitoring and control is related to data processing errors. Exploiting this vulnerability could allow an intruder to execute arbitrary code...
Upgraded Q -> 2 from #304 [1701018148851]
Judge has assessed an item in Issue 304 as 2 risk. The relevant finding follows: Incorrect minTotalContribution and minContribution Interaction
SUSE CVE-2023-46671
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allows attackers to carry out clickjacking attacks.
The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to carry out a clickjacking attack...
GHSA-HX93-GC73-5RPR Exposure of Sensitive Information in Elastic APM .NET Agent
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
The vulnerability of the Dynamics server software for resource planning in Microsoft Dynamics 365 allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Dynamics resource planning software for Microsoft Dynamics 365 is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of Microsoft On-Premises Data Gateways lies in security configuration errors, allowing attackers to circumvent security restrictions.
The vulnerability of Microsoft On-Premises Data Gateways is related to errors in security settings when processing certificates. Exploiting this vulnerability allows a malicious actor to bypass security restrictions by sending a specially crafted web request...
The vulnerability of the Microsoft .NET Framework software, related to security configuration errors, allows a perpetrator to gain access to the hidden parts of a web application.
The vulnerability of the Microsoft .NET Framework is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to restricted parts of a web application by sending a specially crafted request...
The vulnerability of the Microsoft Office software package, related to security configuration errors, allows attackers to bypass security restrictions and escalate their privileges.
The vulnerability of the Microsoft Office suite is related to security configuration errors. Exploiting this vulnerability can allow attackers to bypass security restrictions and escalate their privileges by opening a specially created malicious file...
The vulnerability of the Windows operating system’s kernel allows attackers to escalate their privileges.
The vulnerability of the Windows operating system’s kernel is related to synchronization errors when using a shared resource (race conditions). Exploiting this vulnerability can allow an attacker to escalate their privileges...
The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software, related to security mechanism errors, allows an intruder to alter the user interface.
The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability could allow a malicious actor to alter the user interface remotely...
Advisory ROSA-SA-2023-2298
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-6.0.1.rv3.src.rpm CVE-ID: CVE-2021-4209 BDU-ID: 2022-01898 CVE-Crit: MEDIUM CVE-DESC.: An implementation vulnerability in the wrap_nettle_hash_fast function of the GnuTLS cryptographic library is related to pointer...
ROS-20231115-04
Visual Studio Code source code editor vulnerability related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. Visual Studio Code source code editor vulnerability is related to insufficient protection of...
Adobe Photoshop Multiple Vulnerabilities (APSB23-56) - Windows
Adobe Photoshop is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:photoshop";...
The vulnerability of the Zoom Rooms video conferencing service for macOS allows an intruder to escalate their privileges.
The vulnerability of the Zoom Rooms video conferencing service for macOS is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to escalate their privileges...
The vulnerability of the cap_net service in the FreeBSD operating system allows a hacker to modify the list of allowed domain names.
The vulnerability of the cap_net service in the FreeBSD operating system is related to errors in privilege management. Exploiting this vulnerability could allow a malicious actor to modify the list of allowed domain names...
The vulnerability of the Windows operating system’s kernel allows attackers to escalate their privileges.
The vulnerability of the Windows operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to escalate their privileges...
Pricing inconsistencies introduced via rounding/truncation errors
Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...
Incorrect fee splitting logic
The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...
The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...