DEBIAN-CVE-2022-42325
Xenstore: Guests can create arbitrary number of nodes via transactions. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
CVE-2022-42326
Xenstore: Guests can create arbitrary number of nodes via transactions. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
PT-2022-7332 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore (affected versions not specified). Description: The issue is related to errors in memory release due to the creation of an arbitrary number of nodes via transactions. This can enable a malicious guest to create an arbitrary number of...
The vulnerability of NDIS (Network Driver Interface Specification) miniport drivers in the Fortinet FortiClient for Windows security device allows a hacker to cause a service failure.
The vulnerability of NDIS (Network Driver Interface Specification) miniport drivers in the Fortinet FortiClient for Windows security device is related to pointer swapping errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the WLAN operating system in Windows, which allows a hacker to increase their privileges
The vulnerability of the Windows WLAN operating system is related to privilege management errors. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability in the J-Web web interface of the JunOS operating system allows a hacker to execute arbitrary code.
The vulnerability of the J-Web web interface of the JunOS operating system is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of the l2cap_recv_acldata() function (net/bluetooth/l2cap_core.c) in Linux operating system kernels, allowing a hacker to trigger a service failure
The vulnerability of the l2cap_recv_acldata() function (net/bluetooth/l2cap_core.c) in Linux operating systems is related to memory release errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the ngx_resolver.c component in the nginx HTTP server allows an attacker to cause a service failure.
The vulnerability of the ngx_resolver.c component in the nginx HTTP server is related to memory allocation errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
Decimals are computed in the wrong way if the collateral token doesn't have 18 decimals
Lines of code. Vulnerability details. Impact: Huge accounting errors and losses for borrowers and liquidators if a collateral token with a non-18 decimal value is used. The oracle contract won't always return prices in 18 decimals. Proof of Concept: The oracle returns the price in a normalized way...
The vulnerability of the Window.print() function in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a perpetrator to trigger a service failure.
The vulnerability of the Window.print function in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to resource management errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions through a specially created malicious website...
GHSA-JW36-MRVG-J5FX Rdiffweb subject to Business Logic Errors
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
Rdiffweb subject to Business Logic Errors
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
CVE-2022-2508
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging...
Business Logic Errors
rdiffweb contains business logic errors. A privileged local attacker is able to disable multi factor authentication, which leads to unauthorized access...
PT-2022-5285 · Keylime +4
Name of the Vulnerable Software and Affected Versions: keylime versions prior to 6.5.1. Description: The issue is related to improperly handled exceptions in keylime, which can be exploited to create errors on the verifier, stopping attestation attempts and leaving a host in an attested state...
CVE-2022-3363
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
PYSEC-2022-42978
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
Code injection
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
SUSE-SU-2022:3750-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: cobbler: - Consider case of 'next_server' being a hostname during migration of Cobbler collections. - Fix problem with 'proxy_url_ext' setting being None type. - Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager...