The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems mobile device lifecycle management system allows attackers to escalate their privileges.
The vulnerability of the categoryId parameter in the WWebView component of the MCE Systems lifecycle management system is related to errors in link processing before accessing a file, as well as deserialization of the PendingDynamicLinkData structure from the Intent Extra array with the key...
The vulnerability of the AtomicReferenceArray class implementation in the Concurrency component of the Java Runtime Environment allows a malicious actor to trigger a service failure.
The vulnerability of the AtomicReferenceArray class implementation in the Java Runtime Environment concurrency component is related to errors in object type handling. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
Upgraded Q -> M from 139 [1656985204675]
Judge has assessed an item in Issue 139 as Medium risk. The relevant finding follows: 1. Buyouts that occur during the timestamp wrap will have valuation errors. The blockTimestamp has a modulo applied, so at some point, there will be a timestamp with a value close to 2^32, followed by a timestamp...
Upgraded Q -> M from 164 [1657055445786]
Judge has assessed an item in Issue 164 as Medium risk. The relevant finding follows: ...
CVE-2022-29892
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS)...
[SECURITY] Fedora 36 Update: golang-github-pelletier-toml-1.9.4-2.fc36
Go-toml provides the following features for using data parsed from TOML documents: - Load TOML documents from files and string data - Easily navigate TOML structure using Tree - Marshaling and unmarshaling to and from data structures - Line & column position data for all parsed elements - Query...
The vulnerability in the CDisplayPointer class implementation of the Microsoft Internet Explorer browser allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the CDisplayPointer class implementation in Microsoft Internet Explorer is related to resource management errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...
DEBIAN-CVE-2022-33099
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
AZL-10045 CVE-2022-33099 affecting package lua for versions less than 5.4.3-4
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
AZL-41192 CVE-2022-33099 affecting package ntopng for versions less than 5.2.1-4
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
UBUNTU-CVE-2022-33099
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...
ROS-20220701-01
The Vim text editor vulnerability is related to boundary conditions in textobject.c. Exploiting the vulnerability could allow a remote attacker to create a special file, trick the victim into opening it, cause a read error outside the boundaries, and read the memory contents...
The vulnerability of the ExpressLRS radio control system, related to errors in the code, allows an intruder to intercept the value of the UID identifier and gain full control over the device.
The vulnerability of the ExpressLRS radio control system is related to errors in the code. Exploiting this vulnerability could allow a malicious actor, operating remotely, to intercept the UID identifier and gain full control over the device...
The vulnerability of the implementation of Cisco IOS protocols for Integrated Services Routers Generation 2 allows an attacker to trigger a device reboot or cause a service failure.
The vulnerability of the Cisco IOS protocol for Integrated Services Routers Generation 2 (ISR G2) is related to errors in Ethernet packet classification. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause service failure...
PT-2022-21690 · Lua +6 · Lua +6
Name of the Vulnerable Software and Affected Versions: Lua versions prior to 5.4.4 Description: An issue in the component luaG_runerror of Lua leads to a heap-buffer overflow when a recursive error occurs. Recommendations: For versions prior to 5.4.4, update to a version that contains a fix for...
PT-2022-3284 · Ping Identity · Pingid Windows Login
Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.8 Description: The issue is related to errors in authentication of the connection with a local Java service used to capture security key requests. An attacker with the ability to execute code on the...
Microsoft Edge’s vulnerability, related to synchronization errors when using a shared resource, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge relates to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the Guzzle HTTP client library for the PHP programming language, related to authentication errors, allows attackers to disclose sensitive information that is protected.
The vulnerability of the Guzzle HTTP client library for the PHP programming language is related to authentication errors. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the library...
Mozilla Firefox < 102.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 102.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-24 advisory. - Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities...
The vulnerability of the authentication mechanism for software administrators of the ImageCast X device for marking ballots allows a perpetrator to escalate their privileges.
The vulnerability of the authentication mechanism for software administrators of the ImageCast X labeling device is related to privilege assignment errors. Exploiting this vulnerability can allow attackers to escalate their privileges...