OESA-2022-2082 libxml2 security update
This library allows manipulation of XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
The vulnerability in the implementation of the Point to Point Tunneling Protocol (PPTP) network protocol in the Microsoft Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Point to Point Tunneling Protocol (PPTP) implementation in the Microsoft Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially craft...
The vulnerability in the `QuickTimeVideo::userDataDecoder` function of the `quicktimevideo.cpp` file in the library and command-line utilities for managing image metadata with the Exiv2 library allows a hacker to execute arbitrary code.
The vulnerability of the QuickTimeVideo::userDataDecoder function in the quicktimevideo.cpp file of the Exiv2 image metadata management library and command-line utilities is related to pointer aliasing errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Apache Tomcat application server, related to synchronization errors when using shared resources, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Apache Tomcat application server is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the software for managing drivers in multipath-tools systems, related to errors in privilege management, allows a hacker to elevate their privileges to root user status.
The vulnerability of software for managing drivers in multipath-tools systems relates to errors in privilege management. Exploiting this vulnerability can allow an attacker to elevate their privileges to root user status...
The vulnerability of the Apache Tomcat application server, related to synchronization errors when using shared resources, allows attackers to escalate their privileges.
The vulnerability of the Apache Tomcat application server is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to increase their privileges...
kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service...
CVE-2021-4044: Invalid handling of X509_verify_cert() internal errors in libssl
A flaw was found in the way OpenSSL verified certificates via the X509_verify_cert function. The X509_verify_cert function may return a negative return value to indicate an internal error (for example, out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function such...
PT-2025-26007 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue arises from the Linux kernel's KVM module not properly handling the unloading of modules, specifically when using try get module. This can lead to fatal errors, such as...
PT-2022-5500 · Microsoft · Windows Pptp +1
Name of the Vulnerable Software and Affected Versions: Windows Point-to-Point Tunneling Protocol (PPTP) (affected versions not specified). Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Point to Point Tunneling Protocol (PPTP) in...
PT-2022-5505
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: A security feature bypass issue exists in the BitLocker Device Encryption of Windows operating systems due to security configuration errors. This flaw allows an attacker to bypass security...
PT-2022-5498 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to errors in synchronization when using a shared resource in the Windows Group Policy Services. It allows an attacker to elevate their privileges. Recommendations: At t...
PT-2022-5568 · Microsoft · Windows Bind Filter Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Bind Filter Driver (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the Windows Bind Filter Driver. This can allow an attacker to gain unauthorized access to th...
Upgraded Q -> M from 407 [1667616784805]
Judge has assessed an item in Issue 407 as Medium risk. The relevant finding follows: ...
SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2022:3871-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3871-1 advisory. - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. CVE-2016-3709 - An issue was...
Upgraded Q -> H from 502 [1667614585174]
Judge has assessed an item in Issue 502 as High risk. The relevant finding follows: ...
Upgraded Q -> H from 262 [1667614992867]
Judge has assessed an item in Issue 262 as High risk. The relevant finding follows: ...
The vulnerability of the njs_scope_valid_value function (njs_scope.h) in the NJS interpreter of the nginx server allows an attacker to cause a service failure.
The vulnerability of the njs_scope_valid_value function in the njs interpreter of the nginx server is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...