
11215 matches found

CNNVD
added 2022/12/16 12:0 a.m., 3 views

Rockwell Automation controllers input validation error vulnerability

Rockwell Automation controllers are a series of controllers from Rockwell Automation. A denial of service vulnerability exists in Rockwell Automation controllers, which stems from the controllers' mishandling of incorrectly formatted CIP requests, and can be exploited by an attacker to cause a maj...

8.6 CVSS, 6.7 AI score, 0.01501 EPSS
Exploits 0, References 4
Positive Technologies
added 2022/12/16 12:0 a.m., 3 views

PT-2022-5943 · Hikvision · Hikvision Ds-3Wf01C-2N/O +1

Name of the Vulnerable Software and Affected Versions: Hikvision DS-3WF0AC-2NT (affected versions not specified); Hikvision DS-3WF01C-2N/O (affected versions not specified). Description: The issue is related to access control errors in the web server of certain Hikvision wireless brid...

9.8 CVSS, 9.3 AI score, 0.00314 EPSS
Exploits 0, References 5
BDU FSTEC
added 2022/12/16 12:0 a.m., 2 views

The vulnerability of the Secure Socket Tunneling Protocol (SSTP) implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Secure Socket Tunneling Protocol (SSTP) implementation in Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted requests...

8.1 CVSS, 8 AI score, 0.0079 EPSS
Exploits 0, References 3
BDU FSTEC
added 2022/12/14 12:0 a.m., 2 views

The vulnerability of the Controller File System Handler component in the Jenkins OpenShift Deployer Plugin allows a hacker to bypass established security restrictions and escalate their privileges.

The vulnerability of the Controller File System Handler component in the Jenkins OpenShift Deployer Plugin is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass established security restrictions and escalate their privileges...

4.3 CVSS, 5.6 AI score, 0.00064 EPSS
Exploits 0, References 5, Affected Software 1
BDU FSTEC
added 2022/12/14 12:0 a.m., 2 views

The vulnerability of the SuiteLink server, related to pointer assignment errors, allows a hacker to trigger a service failure.

The vulnerability of the SuiteLink server is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...

7.8 CVSS, 7.2 AI score, 0.00458 EPSS
Exploits 0, References 3, Affected Software 3
Positive Technologies
added 2022/12/13 12:0 a.m., 5 views

PT-2022-6013 · Microsoft · Azure Network Watcher Vm Agent

Name of the Vulnerable Software and Affected Versions: Azure Network Watcher Agent (affected versions not specified). Description: The issue is related to authorization errors in the Azure Network Watcher Agent service, which can be exploited to bypass existing security restrictions. Recommendations...

5.5 CVSS, 6.7 AI score, 0.00689 EPSS
Exploits 0, References 7
ICS
added 2022/12/13 12:0 a.m., 69 views

Siemens SISCO MMS-EASE Third Party Component

1. EXECUTIVE SUMMARY: CVSS v3 7.5; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Siemens; Equipment: SISCO MMS-EASE third party component; Vulnerability: Resource Management Errors. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow attackers to cause a...

7.8 CVSS, 7.7 AI score, 0.01028 EPSS
Exploits 1, References 12
CVE
added 2022/12/12 5:54 p.m., 51 views

CVE-2022-3881

CVE-2022-3881 concerns the WordPress WPTools plugin, affected versions before 3.43. The issue is improper authorization and CSRF in an AJAX action, allowing any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.org. Root cause: missing CSRF/authoriza...

5.7 CVSS, 5.6 AI score, 0.00076 EPSS
Exploits 1, References 1, Affected Software 1
Code423n4
added 2022/12/12 12:0 a.m., 12 views

Unsafe usage of ERC20 methods

Lines of code Vulnerability details There are many weird ERC20 tokens that don't follow the standard ERC20 interface. Depending on the ERC20 token, some transfer errors may result in passing unnoticed, or some successful transfers may be treated as failed. The current implementation assumes that...

7.3 AI score
Exploits 0
BDU FSTEC
added 2022/12/09 12:0 a.m., 1 views

The vulnerability of the NDES registration service for Microsoft Windows operating systems allows a hacker to circumvent existing security restrictions and expose the protected information.

The vulnerability of the Network Device Registration Service (NDES) of Microsoft Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions and disclose sensitive information...

6.8 CVSS, 6.8 AI score, 0.16058 EPSS
Exploits 0, References 3
NVD
added 2022/12/08 10:15 p.m., 8 views

CVE-2022-23495

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

7.5 CVSS, 0.02643 EPSS
Exploits 0, References 9
Prion
added 2022/12/08 10:15 p.m., 16 views

Input validation

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

5 CVSS, 7.4 AI score, 0.02643 EPSS
Exploits 0, References 9, Affected Software 1
CVE
added 2022/12/08 9:25 p.m., 95 views

CVE-2022-23495

CVE-2022-23495 concerns go-merkledag where a modified or decoded ProtoNode can be placed into an unencodeable form, causing encode errors that panic on calls that do not return errors. This behavior is tied to the DAGService/IPLD node handling and may be triggered by inputs using a non-validated ...

7.5 CVSS, 7.4 AI score, 0.02643 EPSS
Exploits 0, References 9, Affected Software 1
Cvelist
added 2022/12/08 9:25 p.m., 11 views

CVE-2022-23495 ProtoNode may be modified such that common method calls may panic in ipfs/go-merkledag

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

7.5 CVSS, 7.6 AI score, 0.02643 EPSS
Exploits 0, References 9
OSV
added 2022/12/08 5:57 p.m., 1 views

USN-5769-1 protobuf vulnerabilities

It was discovered that protobuf did not properly manage memory when serializing large messages. An attacker could possibly use this issue to cause applications using protobuf to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-5237 It was discovered that...

8.8 CVSS, 6.8 AI score, 0.00763 EPSS
Exploits 0, References 3
Github Security Blog
added 2022/12/08 4:12 p.m., 20 views

go-merkledag's ProtoNode may be modified such that common method calls may panic

Impact: A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB; attempting to encode invalid DAG-PB forms will result in an error fro...

7.5 CVSS, 0.5 AI score, 0.02643 EPSS
Exploits 0, References 12, Affected Software 1
OSV
added 2022/12/08 4:12 p.m., 19 views

GHSA-X39J-H85H-3F46 go-merkledag's ProtoNode may be modified such that common method calls may panic

Impact: A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB; attempting to encode invalid DAG-PB forms will result in an error fro...

7.5 CVSS, 7.5 AI score, 0.02643 EPSS
Exploits 0, References 12
RedHat Linux
added 2022/12/08 1:21 p.m., 4 views

libxml2: dict corruption caused by entity reference cycles

A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...

7.8 CVSS, 6.6 AI score, 0.00219 EPSS
Exploits 0, References 4
BDU FSTEC
added 2022/12/08 12:0 a.m., 2 views

The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the rsync platform used in OpenStack platforms for cloud computing solutions is related to security configuration errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

8.6 CVSS, 7.2 AI score, 0.00293 EPSS
Exploits 0, References 2