11198 matches found
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to synchronization errors when using a common resource, allowing an attacker to disclose protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to synchronization errors when using a common resource. Exploiting these vulnerabilities can allow an attacker, operating remotely, to disclose sensitive information...
The vulnerability of the Mozilla Firefox browser for Android, related to resource management errors, allows a hacker to cause a service failure and disclose sensitive information.
The vulnerability of the Mozilla Firefox browser for Android is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures and expose sensitive information...
The vulnerability of the shell command line interface in IPython’s interactive computing environment allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the shell command line interface for interactive IPython computations is related to access control errors. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the MariaDB database, related to pointer assignment errors, allows attackers to cause service failures.
The vulnerability of the MariaDB database lies in pointer assignment errors. Exploiting this vulnerability allows an attacker to cause service failures...
Explained: Fuzzing for security
Fuzzing, or fuzz testing, is defined as an automated software testing method that uses a wide range of invalid and unexpected data as input to find flaws in the software undergoing the test. The flaws do not necessarily have to be security vulnerabilities. Fuzzing can also bring other undesirable...
CLSA-2022-1663184017 Fixed CVEs in curl: CVE-2022-32208, CVE-2022-32206
CVE-2022-32208: krb5: fix returning error on decode errors - CVE-2022-32206: contentencoding: return error on too many compression steps - fix a curl.spec's comment about applying TuxCare ELS patches - improve the test system by repeating failed tests several times...
The vulnerability of the busybox wget component in the UNIX command-line utilities of BusyBox allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the busybox wget component in the UNIX command-line utilities package is related to authentication process errors. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the `gdImageClone` function in the `gd.c` component of the LibGD graphics library allows a hacker to cause a service failure.
The vulnerability of the gdImageClone function in the gd.c component of the LibGD graphics library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...
The vulnerability of the sql_parse.cc component of the MariaDB database allows attackers to trigger a service failure.
The vulnerability of the sql_parse.cc component in the MariaDB database system is related to errors during resource release. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the ha_maria::extra component in the MariaDB database allows a hacker to cause a service failure.
The vulnerability of the ha_maria::extra component in the MariaDB database is related to errors during resource release. Exploiting this vulnerability allows an attacker to cause service failures...
Authorization
Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in the PalGate device management Android client app. Gates of buildings and parking lots with a simple button in any smartphone. The API was found after decompiling and static research using Jadx,...
CVE-2022-36782
CVE-2022-36782 involves an authorization flaw in PalGate’s Android device-management client. The vulnerability allows an attacker to enumerate IoT devices, view all entries/exits across gates worldwide, and extract a user database (over 2.8 million users) including names, phone numbers, and movem...
CVE-2022-36780 Avdor CIS - crystal quality Credentials Management Errors
Avdor CIS - crystal quality Credentials Management Errors. The product is a phone call recorder; you can hear all the recorded calls without authenticating to the system. An attacker sends a crafted URL to the system:...
libdnf bug fix and enhancement update
An update is available for libdnf. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A library providing simplified C and Python API to the libsolv package...
PT-2022-23194 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.16. Description: The issue arises when requesting invalid or non-existing resources via HTTP, triggering the page error handler to retrieve content from another page, leading to recursive application calls that...
PT-2022-5734 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is caused by synchronization errors when using a shared resource in the Advanced Local Procedure Call (ALPC) handler of the Windows operating system. This can allow an attacker to...
PT-2022-5351 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to errors in privilege management in the implementation of the Kerberos protocol in Windows operating systems. It allows a remote attacker to elevate their privileges...
The vulnerability of the Application Business Partner Extension component of the SAP S/4HANA software platform allows attackers to escalate their privileges.
The vulnerability of the Application Business Partner Extension component of the SAP S/4HANA software platform is related to authentication errors. Exploiting this vulnerability can allow attackers to escalate their privileges remotely...
In function redeem() of TribeRedeemer, users would receive less funds because of a rounding error in division in previewRedeem()
Lines of code. Vulnerability details. Impact: Function previewRedeem in TribeRedeemer has been used to calculate the amounts of tokens the user would receive for what the user transfers as redeemedToken. The user would receive a ratio of token balance of the contract which ratio is equal to amountIn ...
The vulnerability of the Build Handler component of the Jenkins Git plugin, related to authentication errors, allows a hacker to circumvent established security restrictions and gain increased privileges.
The vulnerability of the Build Handler component in the Jenkins Git plugin is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass established security restrictions and gain increased privileges...