CVE-2022-4719 Business Logic Errors in ikus060/rdiffweb
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5...
Fedora 36 : libxml2 / xmlsec1 (2022-aeafd24818)
The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-aeafd24818 advisory. Update to 2.10.3 Fix CVE-2022-40303 Fix CVE-2022-40304 Tenable has extracted the preceding description block directly from the Fedora security...
The vulnerability of the Boa HTTP server’s files backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js allows an intruder to gain unauthorized access to protected information.
The vulnerabilities of the Boa HTTP server’s files backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js are related to configuration errors. Exploiting these vulnerabilities can allow an attacker operating remotely to gain unauthorized access to protected...
CVE-2022-34469
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug...
DEBIAN-CVE-2022-22760
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...
GO-2022-1155 Panic in github.com/ipfs/go-merkledag
A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. Additionally, use of the ProtoNode.SetCidBuilder method to set non-functioning CidBuilder such as one that refers to a multihash where ...
The vulnerability of the pipe_resize_ring function in Linux operating systems allows a hacker to execute arbitrary code.
The vulnerability of the pipe_resize_ring function in Linux operating systems arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the EndType parameter in the web interface of the POWER METER SICAM Q100 microprogramming system allows a hacker to disable the device (with subsequent automatic reboot) or execute arbitrary code.
The vulnerability of the EndType parameter in the web interface of the POWER METER SICAM Q100 measurement software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disable the device remotely, causing it to shut down automatically, or execute...
The vulnerability in the drivers/char/pcmcia/scr24x_cs.c component of the Linux kernel allows a hacker to execute arbitrary code.
The vulnerability in the drivers/char/pcmcia/scr24x_cs.c component of Linux kernel systems arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Linux operating system’s Bluetooth Low Energy driver allows attackers to gain increased privileges.
The vulnerability of the Linux operating system’s Bluetooth Low Energy driver is related to errors during authentication processes. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
Vulnerability of the kcm_tx_work() function (net/kcm/kcmsock.c) in Linux operating system kernels, allowing a hacker to execute arbitrary code
The vulnerability of the kcm_tx_work function in net/kcm/kcmsock.c in Linux operating systems arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the XFRM subsystem in the Linux operating system allows a hacker to execute arbitrary code, cause a service failure, or otherwise affect the system.
The vulnerability of the XFRM subsystem in the Linux operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to execute arbitrary code, cause service failures, or have other adverse effects on the system...
CLSA-2022-1671481339 openssh: Fix of 2 CVEs
CVE-2019-6109: verify character encoding in progress display to avoid spoofing of scp client output - CVE-2016-10012: updated to fix server-side protocol errors observed during rekeying with compression enabled...
The vulnerability of the Microsoft Outlook email client for the MacOS operating system, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Outlook email client for the MacOS operating system is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created email message...
ROS-20221216-02
A vulnerability in the Rsync file transfer and synchronization utility is related to authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...
The vulnerability of the SmartScreen security component, which prevents unauthorized access and malicious programs from being executed on Windows operating systems, allows attackers to circumvent security restrictions.
The vulnerability of the SmartScreen security component against phishing and malicious programs in Windows operating systems is related to errors in security settings. Exploiting this vulnerability allows a remote attacker to circumvent security restrictions by downloading specially created malwa...
The vulnerability of the DirectX Graphics Kernel Driver (DXGKRNL) on Microsoft Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the DirectX Graphics Kernel Driver DXGKRNL on Microsoft Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to gain increased privileges...