CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...
The vulnerability of the u32_change() function in the link counter component of the Linux kernel’s net/sched module allows an attacker to elevate their privileges to root level.
The vulnerability of the u32_change function, which is used by the link counter in the net/sched component of the Linux operating system’s kernel, is related to errors during link counter updates. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
Microsoft Edge’s vulnerability, related to security configuration errors, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...
CVE-2022-1416
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker-controlled HTML tags and CSS styling...
Apple Mac OS X Security Update (HT213255)
Apple Mac OS X is prone to multiple vulnerabilities...
Pimcore Cross-Site Scripting Vulnerability (CNVD-2022-38753)
Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. Pimcore suffers from a cross-site scriptin...
HTTP Parameter Pollution
HTTP Parameter Pollution exploits the possibility of including several parameters with the same name in an HTTP request, or of including a new encoded parameter. Depending on the web server, the parameters will be parsed in a different way, i.e. parsing only the first/last occurrence of the...
The vulnerability of the RubyGems.org hosting service, related to authentication errors, allows a perpetrator to gain access to create, modify, or delete data.
The vulnerability of the RubyGems.org hosting service is related to authentication errors during data copying. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to create, modify, or delete data...
Debian: Security Advisory (DLA-3012-1)
The remote host is missing an update for the Debian...
Oracle Linux 8 : kernel (ELSA-2022-1988)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory. - netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056728] {CVE-2022-25636} - RDMA/cma: Do not change...
The vulnerability of the Windows operating system’s kernel allows attackers to escalate their privileges.
The vulnerability of Windows operating system kernels arises due to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the ClamAV antivirus software library and the Cisco AMP security tool for end devices allows a perpetrator to trigger a service failure.
The vulnerability of the ClamAV antivirus software library and the Cisco AMP tool for protecting against malicious software in end devices is related to resource management errors during CHM file syntax analysis. Exploiting this vulnerability can allow a remote attacker to cause service...
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the Cluster Shared Volumes (CSV) file system for Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges and gain unauthorized access to protected information...
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the AWS VPN Client service, related to synchronization errors when using a shared resource, allows a perpetrator to escalate their privileges or cause a service failure.
The vulnerability of the AWS VPN Client is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges or cause service interruptions...
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Cluster Shared Volumes file system in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of Windows Push Notification apps allows attackers to escalate their privileges.
The vulnerability of Windows Push Notification apps is related to synchronization errors when using shared resources (race conditions). Exploiting this vulnerability can allow attackers to gain increased privileges...