
11215 matches found

SUSE CVE
added 2023/02/15 3:44 a.m. · 7 views

SUSE CVE-2021-26930

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...

CVSS 7.8 · AI score 6.6 · EPSS 0.0008
Exploits: 0 · References: 26

SUSE CVE
added 2023/02/15 3:44 a.m. · 4 views

SUSE CVE-2021-28038

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations as a result of changes to the handling of grant mapping errors. A host OS denial of service may occur during...

CVSS 6.5 · AI score 6.3 · EPSS 0.00057
Exploits: 0 · References: 30

SUSE CVE
added 2023/02/15 3:37 a.m. · 2 views

SUSE CVE-2021-41687

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack...

CVSS 7.5 · AI score 6.8 · EPSS 0.00179
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:36 a.m. · 1 view

SUSE CVE-2021-43542

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

CVSS 6.1 · AI score 8.9 · EPSS 0.00735
Exploits: 0 · References: 13

SUSE CVE
added 2023/02/15 3:31 a.m. · 1 view

SUSE CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

CVSS 6.2 · AI score 6.5 · EPSS 0.00117
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:30 a.m. · 2 views

SUSE CVE-2022-20008

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

CVSS 6.2 · AI score 6 · EPSS 0.00047
Exploits: 0 · References: 19

SUSE CVE
added 2023/02/15 3:23 a.m. · 2 views

SUSE CVE-2022-42325

Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...

CVSS 6 · AI score 7.3 · EPSS 0.0004
Exploits: 0 · References: 18

SUSE CVE
added 2023/02/15 3:21 a.m. · 1 view

SUSE CVE-2023-0565

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10...

CVSS 5.5 · AI score 5 · EPSS 0.00207
Exploits: 1 · References: 3

BDU FSTEC
added 2023/02/15 12:0 a.m. · 2 views

The vulnerability of the ImageMagick graphics editor, related to resource management errors, allows a hacker to cause a service failure.

The vulnerability of the ImageMagick graphics editor is related to resource management errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure using the “profile” parameter...

CVSS 5 · AI score 7.4 · EPSS 0.17691
Exploits: 4 · References: 12 · Affected Software: 5

OSV
added 2023/02/14 10:43 p.m. · 2 views

MGASA-2023-0049 Updated phpmyadmin packages fix security vulnerability

Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...

AI score 6.4
Exploits: 0 · References: 3

Microsoft CVE
added 2023/02/14 8:0 a.m. · 45 views

MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors related to state transitions in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a...

CVSS 3.1 · AI score 6.5 · EPSS 0.08412
Exploits: 7

Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-1644 · Microsoft · Office Onenote

Name of the Vulnerable Software and Affected Versions: Microsoft OneNote affected versions not specified Description: The issue is related to errors in the representation of information by the user interface of Microsoft OneNote. Exploitation of this issue may allow a remote attacker to elevate...

CVSS 6.8 · AI score 9.3 · EPSS 0.06117
Exploits: 0 · References: 4

Positive Technologies
added 2023/02/14 12:0 a.m. · 4 views

PT-2023-1421 · Microsoft · Azure App Service

Name of the Vulnerable Software and Affected Versions: Azure App Service on Azure Stack Hub affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in Azure App Service on Azure Stack Hub. It is associated with access control errors. Exploitati...

CVSS 8.7 · AI score 9.3 · EPSS 0.00502
Exploits: 0 · References: 5

Trend Micro Simply Security
added 2023/02/14 12:0 a.m. · 8 views

5 Cloud Security Challenges Solved by CNAPP

Configuration errors are a major cause of cloud security challenges for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them...

AI score 3.5
Exploits: 0

BDU FSTEC
added 2023/02/13 12:0 a.m. · 1 view

The vulnerability in the implementation of the URL filtering mechanism for Cisco AsyncOS operating systems in Cisco Email Security Appliance (ESA) systems allows attackers to circumvent security restrictions.

The vulnerability of the URL filtering mechanism implemented in Cisco AsyncOS operating systems for Cisco Email Security Appliance ESA systems relates to security configuration errors. Exploiting this vulnerability can allow a malicious actor to circumvent security restrictions remotely...

CVSS 5 · AI score 5.8 · EPSS 0.0097
Exploits: 0 · References: 5

BDU FSTEC
added 2023/02/13 12:0 a.m. · 1 view

Vulnerability of operating systems tvOS, iOS, macOS, iPadOS, and the Safari browser, related to type conversion errors, allowing attackers to execute arbitrary code.

The vulnerabilities of operating systems such as tvOS, iOS, macOS, iPadOS, and the Safari browser are related to type conversion errors. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code...

CVSS 10 · AI score 8.4 · EPSS 0.00152
Exploits: 0 · References: 10 · Affected Software: 6

Veracode
added 2023/02/11 3:32 a.m. · 25 views

Business Logic Errors

heimdal is vulnerable to Business Logic Flaws. The vulnerability exists due to accidental logic inversions which allows an attacker to perform unwanted actions...

CVSS 7.5 · AI score 6.6 · EPSS 0.00088
Exploits: 0 · References: 7 · Affected Software: 1

BDU FSTEC
added 2023/02/10 12:0 a.m. · 2 views

The vulnerability of the software for server-based web applications, LiteSpeed and OpenLiteSpeed, allows a perpetrator to execute arbitrary code.

The vulnerability of the LiteSpeed and OpenLiteSpeed web application server software relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.3 · EPSS 0.00892
Exploits: 1 · References: 4 · Affected Software: 1

Ubuntu
added 2023/02/09 10:42 p.m. · 83 views

USN-5861-1: Linux kernel (Dell300x) vulnerabilities

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-43945 Tamás Koczka discovered that th...

CVSS 8.8 · AI score 7.8 · EPSS 0.01411
Exploits: 1

Hive Pro Threat Advisories
added 2023/02/09 12:28 p.m. · 12 views

Chrome 110 Tackles a Collection of Security Weaknesses

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Google Chrome version 110 is now being rolled out to the stable channels for Windows, Mac, and Linux users. This update includes bug fixes and improvements, specifically addressing security issues...

AI score 3
Exploits: 0