11215 matches found
CVE-2023-0565 Business Logic Errors in froxlor/froxlor
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10...
The vulnerability of the log management tool vRealize Log Insight and the VMware Cloud Foundation virtualization platform, related to access control errors, allows a perpetrator to execute arbitrary code.
The vulnerability of the log management tool vRealize Log Insight and the virtualization platform VMware Cloud Foundation is related to access control errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
QA Report
See the markdown file with the details of this report here.
The High Cost of Human Error In OT Systems
In baseball, a mistake made by a player that could have easily been avoided is sometimes called an “unforced error.” An unforced error is not an official error; that is, they are not reflected in statistics. However, they can result in additional runs being scored, runners getting on base, and eve...
Chrome 109 addresses an array of security flaws
Summary: Google Chrome's latest stable channel update for Windows, Mac, and Linux addresses a number of security flaws. The flaws allow a remote attacker to get access to potentially sensitive information b...
Vulnerabilities of the xtables-nft-multi and xtables-legacy-multi tools in the iptables package of the EMIAS OS operating system, which allow a hacker to trigger a memory leak.
The vulnerabilities of the xtables-nft-multi and xtables-legacy-multi tools in the iptables package of the EMIAS OS operating system are related to memory release errors. Exploiting these vulnerabilities can allow an attacker to cause service failures or other adverse effects...
The vulnerability of the Bluetooth driver for Microsoft Windows operating systems, which allows a hacker to gain increased privileges
The vulnerability of the Bluetooth driver for Microsoft Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Oracle Linux 9 : libxml2 (ELSA-2023-0338)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0338 advisory. - Fix CVE-2022-40303 2136564 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
libxml2: dict corruption caused by entity reference cycles
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...
The vulnerability of the command-line interface (CLI) of Cisco IOS XE operating systems for Cisco Catalyst 9000 Series network devices is related to privilege assignment errors, which allow an attacker to execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of Cisco IOS XE operating systems for Cisco Catalyst 9000 Series network devices is related to privilege assignment errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the Cisco IOS XE base operating...
The vulnerability of the Windows GDI component in Microsoft Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows GDI component in Microsoft Windows systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of Zoom’s video conferencing software relates to synchronization errors when using shared resources, allowing attackers to execute arbitrary code with system privileges.
The vulnerability of Zoom’s video conferencing software is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code with system privileges...
The vulnerability of the network traffic analysis, network detection, and response mechanism of the Cortex XDR Agent, related to code errors, allows attackers to trigger a service failure for Windows system services.
The vulnerability of the Cortex XDR Agent, which is responsible for network traffic analysis, network detection, and response, is related to code errors. Exploiting this vulnerability can allow attackers to cause system services under Windows to fail...
The vulnerability of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, related to pointer assignment errors, allows attackers to trigger service interruptions.
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud are related to pointer assignment errors. Exploiting these vulnerabilities can allow attackers to cause service failures...
The vulnerability of the Event Tracing service in Microsoft Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Event Tracing service in Microsoft Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...
The vulnerability of the Windows Installer component on Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Windows Installer component in Windows operating systems is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to increase their privileges...
Inadequate Maximum Orders Value in Determining Minimum Buy Amount Per Order
Vulnerability details. Impact: The MAXORDERS constant is defined as a uint96, which has a maximum value of 2^96-1. This means that the maximum number of orders that the contract is able to handle is 2^96-1. However, if the number of orders exceeds this maximum value, the calculation f...
The vulnerability of the Windows Local Session Manager (LSM) component of the Windows operating system allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Windows Local Session Manager (LSM) component of the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the device...
The vulnerability of the Smart Card Resource Management Server, a server for managing smart card resources on the Microsoft Windows operating system, arises due to security configuration errors. This vulnerability allows attackers to circumvent security restrictions.
The vulnerability of the Smart Card Resource Management Server, a server for managing smart card resources in the Microsoft Windows operating system, is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent security restrictions and enhance thei...