The vulnerability of the implementation of the VPN Secure Sockets Layer (SSL) function in microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows an attacker to cause service interruptions.
The vulnerability of the implementation of the VPN Secure Sockets Layer (SSL) function in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) is related to resource management errors. Exploiting this vulnerability c...
Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
Microsoft is alerting customers that its May Patch Tuesday update is causing authentication errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue. The warning comes amid shared reports of multiple services and...
Citrix Hypervisor 8.2 : MCS Catalog update deletes Target base disks.
Xenserver audit.log throws ERROR:NOTSUPPORTEDDURINGUPGRADE Mar 30 02:38:59 XXXXX xapi: 20220330T00:38:59.214Z|audit||8715 HTTP 10.1.XX.XX-:::80|VDI.setonboot R:780016cf9118|audit 'trackid=39b4363b70f699b0ab419280ab8b4fe2' 'S-1-XXXX-XX-XX-8' 'XX\\XXXXX' 'ALLOWED' 'ERROR:NOTSUPPORTEDDURINGUPGRADE :...
Cross-site Scripting (XSS)
Overview: phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through various components, including specially crafted table names, logbin directive configuration, AJAX error handling, and features such as...
Expected Behavior Violation in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...
GHSA-9HG2-395J-83RM Expected Behavior Violation in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...
The vulnerability of the input protection mechanism in Cisco Firepower Management Center (FMC) software allows a hacker to disclose the protected information.
The vulnerability of the input protection mechanism in Cisco Firepower Management Center (FMC) software is related to errors in processing incoming data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Adobe InDesign < 16.4.2 / 17.0 < 17.2.0 Multiple Arbitrary code execution (APSB22-23)
The version of Adobe InDesign installed on the remote Windows host is prior to 16.4.2, 17.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-23 advisory. - Adobe InDesign versions 17.1 and earlier and 16.4.1 and earlier are affected by an out-of-bounds write...
USN-5417-1 linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities
Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive...
USN-5415-1 linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2020-27820) Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor...
missing input validation for _liquidityPool
189 comment Warden: kenta missing input validation for liquidityPool. The owner can change always liquidityPool but this liquidityPool will be used to execute low-level calls. To avoid errors with an empty address this must be checked always. require(liquidityPool != address(0), “liquidityPool canno...
The vulnerability of the PlayTo Manager component for Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the PlayTo Manager component for Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers allows an attacker to disclose protected information by executing attacks through auxiliary channels.
The vulnerability of the SEV-SNP secure nested paging implementation for virtual machines running on AMD processor-based servers is related to data encryption errors. Exploiting this vulnerability can allow attackers to disclose sensitive information by launching attacks through secondary channel...
The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (May 2022)
This host is missing a critical security update according to Microsoft Office Click-to-Run updates SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
The vulnerability of the Windows Hyper-V hardware virtualization system allows an attacker to trigger a service failure.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Windows Digital Media Receiver component of the Windows operating system allows a hacker to increase their privileges.
The vulnerability of the Windows Digital Media Receiver component of the Windows operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
CVE-2022-29616
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption...