The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in errors during the assignment of permissions to files, allowing a hacker to execute arbitrary code.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to errors in granting permissions for files. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVE-2023-29469

A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...

Arbitrary Code Execution

vm2 is vulnerable to Arbitrary Code Execution. The vulnerability exists because the newWrapped function of setup-sandbox.js does not properly handle host objects passed to Error.prepareStackTrace in case of unhandled async errors, which allows an attacker to bypass the sandbox protections and...

PT-2023-2271 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Layer 2 Tunneling Protocol L2TP in Windows operating systems. This can allow a...

PT-2023-2304 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server versions affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in Windows DNS Server, allowing a remote attacker to execute arbitrary code. This can...

PT-2023-2303 · Microsoft · Windows Dns Server +1

Name of the Vulnerable Software and Affected Versions: Windows DNS Server affected versions not specified Description: The issue is related to synchronization errors when using a shared resource in Windows DNS Server, allowing remote attackers to execute arbitrary code and affect the system...

PT-2023-2288 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Layer 2 Tunneling Protocol L2TP in Windows operating systems. This can allow a...

The vulnerability of the SORBAx64.dll database, which is used for receiving and analyzing data in industrial control systems managed by KingHistorian, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the SORBAx64.dll database, which is used for receiving and analyzing data in industrial control systems like KingHistorian, is related to type conversion errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

PT-2023-2466 · Microsoft · Windows Clip Service +1

Name of the Vulnerable Software and Affected Versions: Windows Clip Service affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the Windows Clip Service of Windows operating systems. This can allow an attacker to elevate their...

PT-2023-2463 · Microsoft · Windows Enroll Engine +1

Name of the Vulnerable Software and Affected Versions: Windows Enroll Engine affected versions not specified Description: The issue is related to errors in security settings of the Windows Enroll Engine component in Windows operating systems. Exploitation of this issue may allow a remote attacker...

The vulnerability of Microsoft Edge browser on Android, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge browser on Android is related to information representation errors in the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks by manipulating parameters...

libxml2 资源管理错误漏洞

libxml2 is an open source library used to parse XML documents . It is written in C, and can be called for a variety of languages, such as C, C++, XSH. A security vulnerability exists in libxml2 versions prior to 2.10.4. An attacker could exploit this vulnerability to cause various logic or memory...

PT-2023-2399 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows Internet Key Exchange IKE Protocol Extensions affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Internet Key Exchange IKE protocol ...

The vulnerability of the client installer for conducting real-time audio and video conferences. Zoom Client for IT Admins allows a perpetrator to elevate their privileges to the level of SYSTEM.

The vulnerability of the client installer for conducting real-time audio and video conferences in Zoom Client for IT Admins is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to elevate their privileges to the SYSTEM level...

CVE-2023-29017

A flaw was found in vm2 where the component was not properly handling asynchronous errors. This flaw allows a remote, unauthenticated attacker to escape the restrictions of the sandbox and execute code on the host. Mitigation Mitigation for this issue is either not available or the currently...

Adobe Connect 11.4.5 - Local File Disclosure Vulnerability

Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested on...

vm2 vulnerable to sandbox escape

vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. - vm2 version: 3.9.14 - Node version: 18.15.0, 19.8.1, 17.9.1 Impact A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the...

The vulnerability of the Gatekeeper component of the macOS Ventura operating system, which allows a perpetrator to increase their privileges

The vulnerability of the Gatekeeper component in the macOS Ventura operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVE-2023-29017

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...

Remote code execution

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...