
11216 matches found

Vulnrichment
added 2023/04/06 7:18 p.m., 8 views

CVE-2023-29017 vm2 Sandbox Escape vulnerability

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code...

CVSS 10, AI score 10, EPSS 0.70647
Exploits 1, References 4

BDU FSTEC
added 2023/04/06 12:0 a.m., 2 views

The vulnerability of the P5E GNSS satellite receiver’s microprogramming software, related to errors during authentication procedures, allows a violator to increase their privileges.

The vulnerability of the P5E GNSS satellite receiver’s microprogramming software is related to errors during the authentication process. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...

CVSS 10, AI score 7.7, EPSS 0.00139
Exploits 0, References 4, Affected Software 1

CNNVD
added 2023/04/06 12:0 a.m., 3 views

vm2 Security Vulnerability

vm2 is an advanced virtual machine/sandbox for Node.js, by individual developer Patrik Simek in the Czech Republic, used to run untrusted code using whitelisted Node built-in modules. A security vulnerability exists in vm2 versions prior to 3.9.15 that stems from vm2 not properly handling passed host...

CVSS 10, AI score 8.6, EPSS 0.70647
Exploits 1, References 7

NVD
added 2023/04/05 5:15 p.m., 9 views

CVE-2023-1887

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 8.3, AI score 5.6, EPSS 0.00304
Exploits 1, References 2

Prion
added 2023/04/05 5:15 p.m., 9 views

Code injection

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 6.5, AI score 4.6, EPSS 0.00304
Exploits 1, References 2, Affected Software 1

CVE
added 2023/04/05 12:0 a.m., 51 views

CVE-2023-1887

CVE-2023-1887 affects thorsten/phpmyfaq prior to 3.1.12. The vulnerability stems from business logic errors that let users with edit-only permissions add/delete categories and add FAQs. The issue is fixed in version 3.1.12. Affected versions before 3.1.12 should upgrade to 3.1.12 or apply the ven...

CVSS 8.3, AI score 4.9, EPSS 0.00304
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2023/04/05 12:0 a.m., 4 views

CVE-2023-1887 Business Logic Errors in thorsten/phpmyfaq

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 8.3, AI score 5.6, EPSS 0.00304
Exploits 1, References 2

Cvelist
added 2023/04/05 12:0 a.m., 19 views

CVE-2023-1887 Business Logic Errors in thorsten/phpmyfaq

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 8.3, AI score 5.3, EPSS 0.00304
Exploits 1, References 2

OSV
added 2023/04/05 12:0 a.m., 15 views

CVE-2023-1887 Business Logic Errors in thorsten/phpmyfaq

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVSS 8.3, AI score 6.6, EPSS 0.00304
Exploits 1, References 4

RedhatCVE
added 2023/04/04 9:36 p.m., 27 views

CVE-2023-27491

A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service...

CVSS 6.5, AI score 8.8, EPSS 0.00015
Exploits 1, References 4

BDU FSTEC
added 2023/04/04 12:0 a.m., 2 views

The vulnerability of the WorkSource function in Android operating systems, which allows a hacker to increase their privileges

The vulnerability of the WorkSource function in Android operating systems is related to errors in the certificate validation process. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.8, AI score 7.5, EPSS 0.01136
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2023/04/04 12:0 a.m., 1 views

The vulnerability of the DevTools suite for web development in Google Chrome and Microsoft Edge browsers allows attackers to escalate their privileges.

The vulnerability of the DevTools suite for web development in Google Chrome and Microsoft Edge is related to type conversion errors. Exploiting this vulnerability can allow an attacker to gain increased privileges remotely...

CVSS 7.5, AI score 6.8, EPSS 0.00179
Exploits 0, References 11, Affected Software 5

BDU FSTEC
added 2023/04/03 12:0 a.m., 3 views

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere, related to errors in processing the relative path to the catalog, allows a hacker to gain read access to files located outside the protected web server.

The vulnerability of extensions for providing access to InTouch Access Anywhere and Plant SCADA Access Anywhere lies in errors in processing the relative path to the catalog. Exploiting this vulnerability could allow a malicious actor to gain read access to files located outside the protected web...

CVSS 7.8, AI score 7.2, EPSS 0.92182
Exploits 5, References 5, Affected Software 2

BDU FSTEC
added 2023/04/02 12:0 a.m., 1 views

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in errors in XML request processing, which allow attackers to gain unauthorized access to protected information.

The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to errors in processing XML requests. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVSS 7.8, AI score 7.2, EPSS 0.04774
Exploits 0, References 3, Affected Software 2

BDU FSTEC
added 2023/04/02 12:0 a.m., 1 views

The vulnerability of the bridge2 component of the Bridge interface in the RouterOS operating system of MikroTik routers allows a hacker to cause a service failure.

The vulnerability of the bridge2 component in the Bridge interface of the RouterOS operating system for MikroTik relates to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service failure by sending specially crafted packets...

CVSS 10, AI score 7.2, EPSS 0.0022
Exploits 1, References 3, Affected Software 1

IBM Security Bulletins
added 2023/03/31 4:51 p.m., 42 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to errors in TrustCor (CVE-2022-23491)

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to errors in TrustCor (CVE-2022-23491) due to TrustCor's ownership and operation of a business that produced spyware. This component was previously included as part of the Base OS used by our servic...

CVSS 7.5, AI score 6.6, EPSS 0.00067
Exploits 0, Affected Software 1

OSV
added 2023/03/31 11:5 a.m., 2 views

OESA-2023-1188 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure (CVE-2022-27672). A flaw was found in...

CVSS 7.8, AI score 6.4, EPSS 0.00231
Exploits 0, References 12

CNVD
added 2023/03/31 12:0 a.m., 22 views

Foxit PDF Reader Resource Management Error Vulnerability (CNVD-2023-25117)

Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited to execute arbitrary code in the context of the current process...

CVSS 7.8, AI score 7.8, EPSS 0.02012
Exploits 0, References 1

OSV
added 2023/03/30 9:15 a.m., 1 views

CVE-2023-1014

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting. This issue affects Vira-Investing: before 1.0.84.86...

CVSS 7.5, AI score 5.8
Exploits 0, References 1

Code423n4
added 2023/03/30 12:0 a.m., 10 views

An attacker can manipulate the preDepositvePrice to steal from other users.

Lines of code. Vulnerability details. Impact: The first user that stakes can manipulate the total supply of sfTokens and by doing so create a rounding error for each subsequent user. In the worst case, an attacker can steal all the funds of the next user. Proof of Concept: When the first user enters...

AI score 6.7
Exploits 0