
11197 matches found

Positive Technologies
added 2022/08/09 12:0 a.m. · 2 views

PT-2022-4122 · Microsoft · Windows Sstp +1

Name of the Vulnerable Software and Affected Versions: Windows Secure Socket Tunneling Protocol (SSTP), affected versions not specified. Description: The issue is related to errors in synchronization when using a shared resource in the implementation of the Secure Socket Tunneling Protocol (SSTP) in...

CVSS 8.1 · AI score 8.3 · EPSS 0.02634
Exploits: 0 · References: 7
ATTACKERKB
added 2022/08/08 2:15 p.m. · 2 views

CVE-2022-2398

The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

CVSS 4.8 · AI score 5.9 · EPSS 0.00218
Exploits: 2 · References: 2
BDU FSTEC
added 2022/08/08 12:0 a.m. · 2 views

The vulnerability of the NVIDIA GPU Display Driver’s kernel allows a hacker to trigger a service failure.

The vulnerability of the NVIDIA GPU Display Driver’s kernel is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 5.9 · EPSS 0.00096
Exploits: 0 · References: 2 · Affected Software: 15
OSV
added 2022/08/05 4:15 p.m. · 0 views

UBUNTU-CVE-2022-2500

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side...

CVSS 5.4 · AI score 6.1 · EPSS 0.00254
Exploits: 0 · References: 2
BDU FSTEC
added 2022/08/05 12:0 a.m. · 1 view

The vulnerability in the web interface for managing microprogrammed software routers of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN allows a malicious actor to execute arbitrary code in the context of the root user or to cause service interruptions. This vulnerability is related to errors in the processing of input data.

The vulnerability of the web-based management interface for Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN software lies in errors during the processing of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the root user or cause...

CVSS 10 · AI score 8.4 · EPSS 0.02025
Exploits: 0 · References: 2 · Affected Software: 2
OSV
added 2022/08/04 6:12 p.m. · 2 views

CLSA-2022-1659636773 Fix CVE(s): CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2343

SECURITY UPDATE: Using freed memory with recursive substitute - debian/patches/CVE-2022-2345.patch: Always make a copy for regprevsub - CVE-2022-2345 SECURITY UPDATE: Reading past end of completion with duplicate match - debian/patches/CVE-2022-2344.patch: Check string length - CVE-2022-2344...

CVSS 7.8 · AI score 7.1 · EPSS 0.00357
Exploits: 4 · References: 1
BDU FSTEC
added 2022/08/02 12:0 a.m. · 1 view

The vulnerability of the client’s HTTP library, OKHttp Square, related to authentication process errors allows attackers to circumvent existing security restrictions and execute “man-in-the-middle” attacks.

The vulnerability of the client’s HTTP library, OKHttp Square, is related to errors in the certificate authentication process. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute a type of “man-in-the-middle” attack...

CVSS 7.1 · AI score 7 · EPSS 0.02681
Exploits: 0 · References: 8 · Affected Software: 2
BDU FSTEC
added 2022/08/01 12:0 a.m. · 2 views

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS-based routers of the QFX5000 Series and MX Series models is related to pointer arithmetic errors. This vulnerability allows attackers to trigger a service failure.

The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS-based routers of the QFX5000 Series and MX Series models is related to pointer arithmetic errors. Exploiting this vulnerability allows a malicious actor to trigger service failures remotely...

CVSS 7.8 · AI score 6.5 · EPSS 0.00081
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2022/08/01 12:0 a.m. · 3 views

IBM DataPower Gateway Code Issue Vulnerability

IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...

CVSS 8.8 · AI score 5.6 · EPSS 0.00135
Exploits: 0 · References: 3
CNNVD
added 2022/08/01 12:0 a.m. · 1 view

Dspace Security Vulnerability

Dspace is an open source turnkey repository application from the DuraSpace community. A security vulnerability exists in DSpace versions prior to 6.4, which stems from the fact that when an "internal system error" occurs in dspace-jspui, the entire exception including the stack trace is available...

CVSS 5.3 · AI score 5.7 · EPSS 0.00232
Exploits: 0 · References: 3
BDU FSTEC
added 2022/08/01 12:0 a.m. · 1 view

The vulnerability of distributed control systems such as CENTUM CS 3000, CENTUM CS 3000 Entry Class, CENTUM VP, and CENTUM VP Entry Class lies in resource management errors, which can be exploited by attackers to cause service interruptions.

The vulnerability of distributed control systems such as CENTUM CS 3000, CENTUM CS 3000 Entry Class, CENTUM VP, and CENTUM VP Entry Class lies in resource management errors. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted malware...

CVSS 6.5 · AI score 7.2 · EPSS 0.00263
Exploits: 0 · References: 7
OSV
added 2022/07/31 2:4 p.m. · 9 views

GSD-2022-1004380 ASoC: Intel: sof_sdw: handle errors on card registration

ASoC: Intel: sof_sdw: handle errors on card registration. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.56 by commit...

AI score 7.2
Exploits: 0
Fedora
added 2022/07/30 2:0 a.m. · 10 views

[SECURITY] Fedora 36 Update: golang-github-pelletier-toml-1.9.4-3.fc36

Go-toml provides the following features for using data parsed from TOML documents: - Load TOML documents from files and string data - Easily navigate TOML structure using Tree - Marshaling and unmarshaling to and from data structures - Line & column position data for all parsed elements - Query...

AI score 7.3
Exploits: 0
CNVD
added 2022/07/29 12:0 a.m. · 34 views

Adobe Acrobat and Adobe Reader Resource Management Error Vulnerability (CNVD-2022-56089)

Adobe Acrobat and Adobe Reader are products of the US company Adobe. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader contain a resource management error...

CVSS 5.5 · AI score 6.1 · EPSS 0.00062
Exploits: 0 · References: 1
BDU FSTEC
added 2022/07/29 12:0 a.m. · 1 view

The vulnerability of the DNS Server component of the Windows operating system, which allows a hacker to execute arbitrary code.

The vulnerability of the DNS Server component of the Windows operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.5 · AI score 7.3 · EPSS 0.00695
Exploits: 0 · References: 3
BDU FSTEC
added 2022/07/29 12:0 a.m. · 1 view

The vulnerability of the Samba network file system, related to errors during authentication procedures, allows a perpetrator to change the password of an arbitrary user and gain full access to that user’s account.

The vulnerability of the Samba network file system is related to errors during authentication procedures. Exploiting this vulnerability allows a malicious actor, operating remotely, to alter the password of an arbitrary user and gain full access to the account...

CVSS 9 · AI score 6.6 · EPSS 0.00516
Exploits: 0 · References: 15 · Affected Software: 9
BDU FSTEC
added 2022/07/27 12:0 a.m. · 2 views

The vulnerability of the web server of the cross-platform solution for managing mobile devices by FileWave, related to errors during authentication procedures, allows a hacker to gain full access to the platform.

The vulnerability of the FileWave cross-platform server for managing mobile devices is related to errors during the authentication process. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full access to the platform...

CVSS 10 · AI score 8 · EPSS 0.0052
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2022/07/26 12:0 a.m. · 2 views

The vulnerability of the InnoDB component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the InnoDB component in the Oracle MySQL Server database management system is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service failures using the MySQL protocol...

CVSS 6.8 · AI score 6.2 · EPSS 0.00393
Exploits: 0 · References: 5 · Affected Software: 1
BDU FSTEC
added 2022/07/26 12:0 a.m. · 1 view

The vulnerability of the sourceMapURL function in the DevTools set of web development tools for the Firefox browser allows attackers to disclose sensitive information.

The vulnerability of the sourceMapURL function in the DevTools browser extension for web development is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVSS 5.4 · AI score 6.7 · EPSS 0.00323
Exploits: 1 · References: 5 · Affected Software: 2
BDU FSTEC
added 2022/07/26 12:0 a.m. · 2 views

Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to resource release errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using the MySQL protocol...

CVSS 6.8 · AI score 6.2 · EPSS 0.00393
Exploits: 0 · References: 5 · Affected Software: 1