11198 matches found
Google Chrome Security Update (stable-channel-update-for-desktop_11-2022-10) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome"; if(description)...
The vulnerability of the Azure Arc for local infrastructure connection software in Azure Stack Edge storage services allows a perpetrator to escalate their privileges.
The vulnerability of the Azure Arc for local infrastructure connection software in Azure Stack Edge storage solutions is related to access control errors. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...
The vulnerability of the ruby-mysql library, related to errors in processing hypertext links, allows attackers to gain access to confidential data.
The vulnerability of the ruby-mysql library is related to errors in processing hypertext links. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data...
CVE-2022-35299
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow...
The vulnerability of the Special:ChangeContentModel function in the software for implementing a hypertext environment like MediaWiki allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Special:ChangeContentModel function in the MediaWiki software, which is used to implement the hypertext environment, is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...
PT-2022-5319 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface in Microsoft Office packages. Exploitation of this issue may allow a remote attacker to...
PT-2022-5245 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to an elevation-of-privilege vulnerability in the Windows WLAN Service, which is caused by errors in privilege management. This vulnerability can be exploited by an...
PT-2022-5302 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the implementation of the Point-to-Point Tunneling Protocol (PPTP) in Windows. This allows a remote attacker to...
PT-2022-5428 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the Windows Storage Services. Exploitation of this issue may allow an attacker to gain unauthorized access and...
The vulnerability of the Vim text editor, related to pointer naming errors, allows a hacker to trigger a service failure.
The vulnerability of the Vim text editor is related to errors in pointer manipulation when processing the eval1 frame root/vim/src/vim. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the SupportAssist component in the network operating system SmartFabric OS10 allows a perpetrator to gain access to protected information by carrying out “man-in-the-middle” attacks.
The vulnerability of the SupportAssist component in the SmartFabric OS10 network operating system is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker to gain access to protected information by conducting “man-in-the-middle” attacks using...
MGASA-2022-0362 Updated php packages fix security vulnerability
Core: Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function). Fixed bug GH-9361 (Segmentation fault on script exit 9379). Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static type). Fixed bug 81727: Don't mangle HTTP variable names that clash with ones that have a specific...
The vulnerability of the mod_wstunnel module in the lighttpd web server allows a hacker to cause a service failure.
The vulnerability of the mod_wstunnel module in the lighttpd web server is related to pointer dereferencing errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the Node.js software platform, related to errors in the implementation of authentication procedures, allows attackers to disclose sensitive information that should be protected.
The vulnerability of the Node.js software platform is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that is protected by the system...
USN-5659-1 kitty vulnerabilities
Stephane Chauveau discovered that kitty incorrectly handled image filenames with special characters in error messages. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-35605) Carter Sande discovered that kitty incorrectly...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
Weblate: No rate limiting for Remove Account lead to huge Mass mailings
Name of the vulnerability: No rate limiting for Remove Account lead to huge Mass mailings. Hello Team, I am a security researcher and I found this vulnerability in your website. Business Logic Errors. https://hosted.weblate.org Description: No Rate Limit is a type of computer security vulnerability...
The vulnerability of Microsoft Edge browser on Windows operating systems, related to synchronization errors when using a shared resource, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge browser on Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...