11216 matches found

Veracode
added 2023/05/16 4:10 a.m., 25 views

Business Logic Flaws

pimcore/customer-management-framework-bundle is vulnerable to Business Logic Flaws. The Conditions tab is vulnerable to business logic errors due to allowing a negative number as a counter...

4.3 CVSS, 6.8 AI score, 0.00012 EPSS
Exploits: 1, References: 7, Affected Software: 1

Tenable Nessus
added 2023/05/16 12:0 a.m., 23 views

EulerOS Virtualization 2.10.0 : libxml2 (EulerOS-SA-2023-1924)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option...

7.8 CVSS, 6.9 AI score, 0.0023 EPSS
Exploits: 2, References: 3

OpenVAS
added 2023/05/16 12:0 a.m., 23 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1924)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS, 8.5 AI score, 0.0023 EPSS
Exploits: 2, References: 2

OSV
added 2023/05/16 12:0 a.m., 29 views

ALSA-2023:2785 Moderate: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) For...

7.5 CVSS, 7.6 AI score, 0.00098 EPSS
Exploits: 0, References: 4

AlmaLinux
added 2023/05/16 12:0 a.m., 44 views

Moderate: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880); golang: net/http: handle server errors after sending GOAWAY...

7.5 CVSS, 6.7 AI score, 0.00098 EPSS
Exploits: 1, References: 10

Tenable Nessus
added 2023/05/16 12:0 a.m., 14 views

Siemens SISCO MMS-EASE Third Party Component Resource Management Errors (CVE-2015-6574)

The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

7.8 CVSS, 7.4 AI score, 0.01028 EPSS
Exploits: 1, References: 6

OSV
added 2023/05/15 10:15 p.m., 1 views

CVE-2023-21103

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-1...

5.5 CVSS, 6.2 AI score, 0.00045 EPSS
Exploits: 0, References: 1

Prion
added 2023/05/15 10:15 a.m., 19 views

Input validation

UNSUPPORTED WHEN ASSIGNED: Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The...

7.5 CVSS, 9.4 AI score, 0.00958 EPSS
Exploits: 0, References: 4, Affected Software: 1

BDU FSTEC
added 2023/05/15 12:0 a.m., 1 views

The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows a hacker to perform a spoofing attack.

The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...

5 CVSS, 5.4 AI score, 0.00854 EPSS
Exploits: 0, References: 3, Affected Software: 1

Oracle Linux
added 2023/05/15 12:0 a.m., 244 views

qemu-kvm security, bug fix, and enhancement update

7.2.0-14 - Rebuild for 9.2 release - Resolves: bz2173590 bugs in emulation of BMI instructions for libguestfs without KVM - Resolves: bz2156876 virtual networkrhel7.9guest qemu-kvm: vhost vring error in virtqueue 1: Invalid argument 22 7.2.0-13 -...

7.8 CVSS, 7.7 AI score, 0.00151 EPSS
Exploits: 4

BDU FSTEC
added 2023/05/15 12:0 a.m., 2 views

The vulnerability of the Secure Socket Tunneling Protocol (SSTP) implementation in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Secure Socket Tunneling Protocol (SSTP) implementation in the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

8.1 CVSS, 8 AI score, 0.01076 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2023/05/15 12:0 a.m., 1 views

The vulnerability of the Windows Backup Service allows an attacker to elevate their privileges.

The vulnerability of the Windows Backup Service in operating systems involves errors related to privilege management. Exploiting this vulnerability can allow an attacker to gain increased privileges...

7.8 CVSS, 7.3 AI score, 0.00457 EPSS
Exploits: 0, References: 2

BDU FSTEC
added 2023/05/15 12:0 a.m., 2 views

The vulnerability of Microsoft Word, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Word is related to errors in security settings. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions remotely...

7.6 CVSS, 7.3 AI score, 0.00573 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2023/05/15 12:0 a.m., 2 views

The vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) on the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the Lightweight Directory Access Protocol (LDAP) implementation in the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.1 CVSS, 8.1 AI score, 0.00979 EPSS
Exploits: 0, References: 4

BDU FSTEC
added 2023/05/15 12:0 a.m., 2 views

The vulnerability of the Graphics component in Windows operating systems allows an attacker to elevate their privileges.

The vulnerability of the Graphics component in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...

7 CVSS, 7.2 AI score, 0.00343 EPSS
Exploits: 0, References: 2

NVD
added 2023/05/11 5:15 p.m., 15 views

CVE-2023-32075

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

4.3 CVSS, 4.5 AI score, 0.00012 EPSS
Exploits: 1, References: 4

OSV
added 2023/05/11 4:39 p.m., 35 views

GHSA-X99J-R8VV-GWWJ Pimcore vulnerable to Business Logic Errors via Customer automation rules

Impact: Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Patches: Update to version 3.3.9 or apply this patch manually...

4.3 CVSS, 4.4 AI score, 0.00012 EPSS
Exploits: 1, References: 6

GitHub Security Blog
added 2023/05/11 4:39 p.m., 26 views

Pimcore vulnerable to Business Logic Errors via Customer automation rules

Impact: Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Patches: Update to version 3.3.9 or apply this patch manually...

4.3 CVSS, 6.3 AI score, 0.00012 EPSS
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2023/05/11 4:39 p.m., 26 views

CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

4.3 CVSS, 4.8 AI score, 0.00012 EPSS
Exploits: 1, References: 6

Vulnrichment
added 2023/05/11 4:39 p.m., 9 views

CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

4.3 CVSS, 6.7 AI score, 0.00012 EPSS
Exploits: 1, References: 4