Upgraded Q -> H from 413 [1656341343180]
Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: ...
The vulnerability of the Windows Ancillary Function Driver for WinSock in Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the Windows Ancillary Function Driver for WinSock in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Upgraded Q -> M from 310 [1656347065145]
Judge has assessed an item in Issue 310 as Medium risk. The relevant finding follows: ...
CVE-2022-32206
curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...
The vulnerability affects the implementation of the Kerberos authentication protocol for an isolated software environment called AppContainer on Windows operating systems. This vulnerability allows an attacker to circumvent security restrictions.
The vulnerability of the Kerberos authentication protocol implementation in an isolated software environment called AppContainer on Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...
The vulnerability of the xbstream_open function in the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the xbstream_open function in extra/mariabackup/dsxbstream.cc in the MariaDB database management system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.
The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...
The vulnerability of the Hyper-V hardware virtualization system for Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Hyper-V hardware virtualization technology for Microsoft Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Upgraded Q -> M from 439 [1656339117398]
Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 408 [1656345778095]
Judge has assessed an item in Issue 408 as Medium risk. The relevant finding follows: ...
Upgraded Q -> M from 184 [1656338695381]
Judge has assessed an item in Issue 184 as Medium risk. The relevant finding follows: ...
Upgraded Q -> H from 413 [1656340258153]
Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: ...
Unused Return
Lines of code. Vulnerability details. Impact. Configuration. Check: unused-return. Severity: Medium. Confidence: Medium. Description: The return value of this external call is not stored in a local or state variable. Unused return values of function calls are indicative of programmer errors which may ha...
OPENSUSE-SU-2022:2177-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. bsc1200019 - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted...
SUSE-SU-2022:2177-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. bsc1200019 - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted...
PT-2022-3265 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based). Description: The issue is related to synchronization errors when using a shared resource, which can allow an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a...
The vulnerability of the Titan FTP Server NextGen installer allows a hacker to execute arbitrary commands with elevated privileges.
The vulnerability of the Titan FTP Server NextGen installer is related to errors during the installation of Microsoft SQL Express 2019. Exploiting this vulnerability allows an attacker to execute arbitrary commands with elevated privileges...
GHSA-XGGC-QPRG-X6MW Weave GitOps leaked cluster credentials into logs on connection errors
Impact: A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster...
The vulnerability of the Dynamic Voltage and Frequency Scaling (DVFS) technology implemented in Intel microprocessor software allows attackers to launch attacks through external channels and disclose sensitive information.
The vulnerability of the Dynamic Voltage and Frequency Scaling (DVFS) technology implemented in Intel microprocessor software is related to errors during the dynamic frequency adjustment process. Exploiting this vulnerability can allow a remote attacker to launch an attack through external channels...
The vulnerability of microprogrammed software in Intel SSD solid-state drives, related to resource release errors, allows a hacker to cause a service failure.
The vulnerability of Intel SSD microprogramming software is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...