11191 matches found
CVE-2022-1848
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11...
Code injection
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11...
CVE-2022-1848 Business Logic Errors in erudika/para
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11...
CVE-2022-1848
CVE-2022-1848 affects the Erudika Para project prior to version 1.45.11. Multiple connected sources describe a business logic error, including a race condition in com.erudika:para-core (validateObject) that can allow a user to abuse account/app-related logic. This is documented across sources (Gi...
Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365, it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from Parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
GHSA-XH29-R2W5-WX8M Nokogiri Improperly Handles Unexpected Data Type
Summary: Nokogiri = 1.13.6. JRuby users are not affected. Workarounds: To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling to_s or equivalent. Credit: This vulnerability was responsibly reported by @agustingianni and the GitHub Security Lab...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44177)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the fact that...
The vulnerability of the Array method in Mozilla Firefox and Mozilla Firefox ESR browsers, as well as the Thunderbird email client, allows a malicious actor to execute arbitrary JavaScript code in a privileged context.
The vulnerability of the Array method in Mozilla Firefox and Mozilla Firefox ESR browsers, as well as the Thunderbird email client, is related to errors during code generation. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code in a privileged context...
The vulnerability in the JavaScript object indexing mechanism of Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird allows a malicious actor to execute arbitrary JavaScript code.
The vulnerability of the JavaScript object indexing mechanism in Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code...
MGASA-2022-0200 Updated ruby-nokogiri packages fix security vulnerability
Nokogiri did not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a...
FSLogix Roaming Profile Failing To Load On Windows 10 AWS Hosted VDA
FSLogix roaming profile failing to load on Windows 10 AWS hosted VDA. Issue was reproducible in RDP session as well. The below errors were logged in the event logs: Operation: FSLogixLogonPROFILE, SessionId: 3, ErrorCode: 1168, Detail: Logon failed, Please check logs and tracelogging and verify that...
CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...
CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...
Microsoft Edge’s vulnerability, related to security configuration errors, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability in the implementation of the vim_regexec_string() function in the Vim text editor allows a hacker to trigger a service failure.
The vulnerability of the vim_regexec_string() function in the Vim text editor is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of the microprogrammed software of the Surface Pro 3 touchscreen display, related to authentication errors, allows an intruder to circumvent existing security restrictions.
The vulnerability of the microprogrammed sensor display software in the Surface Pro 3 is related to authentication errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...
The vulnerability of the Microsoft Office software package, related to security configuration errors, allows attackers to disclose sensitive information.
The vulnerability of the Microsoft Office suite is related to security configuration errors. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by the system’s security measures...