11190 matches found
GSD-2022-1001546 net: asix: add proper error handling of usb read errors
net: asix: add proper error handling of usb read errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001471 btrfs: do not double complete bio on errors during compressed reads
btrfs: do not double complete bio on errors during compressed reads This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001470 btrfs: handle csum lookup errors properly on reads
btrfs: handle csum lookup errors properly on reads This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001146 btrfs: handle csum lookup errors properly on reads
btrfs: handle csum lookup errors properly on reads This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
Cannot start app **** - Issue when Storefront STA's configure as https.
Issue accessing the url of storefront store through Citrix ADC. Users are able to access storefront, but when users try to open any application it gives an error: Cannot start app However, when accessing the storefront url internally using store URL, all the applications open without problems,...
The vulnerability of the Direct Memory Access (DMA) subsystem in Linux operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Direct Memory Access (DMA) subsystem in Linux operating systems is related to memory release errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Initial StakedCitadel deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds
Lines of code Vulnerability details Impact The first depositor into StakedCitadel is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the StakedCitadel Citadel token balance. Following depositors will lose their...
The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus relates to errors in processing TCP packet headers. This vulnerability allows attackers to gain access to protected information or cause service interruptions.
The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors in processing the TCP header. Exploiting this vulnerability can allow an attacker to gain access to protected informatio...
The vulnerability of the Atlassian Confluence Server web server, related to authentication errors, allows a hacker to read arbitrary files.
The vulnerability of the Atlassian Confluence Server is related to authentication errors. Exploiting this vulnerability allows a malicious actor to remotely access and read arbitrary files...
PT-2022-2568 · Fanuc · Fanuc Roboguide
Name of the Vulnerable Software and Affected Versions: FANUC ROBOGUIDE affected versions not specified Description: The issue is related to errors in assigning permissions for files, which can allow an attacker to gain privilege escalation. It is also associated with misconfigured binaries,...
The vulnerability in the isolated environment of the iframe in Firefox web browsers, Firefox ESR, and the Thunderbird email client allows a malicious actor to disclose protected information.
The vulnerability in the isolated environment of the Firefox web browser, Firefox ESR, and Thunderbird email client relates to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerability of the McAfee Total Protection antivirus protection, related to synchronization errors when using a common resource, allows a hacker to trigger a service failure or gain privileged access.
The vulnerability of the McAfee Total Protection antivirus protection lies in synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to gain privileged access or cause service interruptions...
PT-2022-3558 · Hotdog · Hotdog
Name of the Vulnerable Software and Affected Versions: Hotdog versions prior to 1.0.1 Description: The issue is related to errors in access control, allowing a container to gain full privileges on the host and bypass restrictions set on the container. This could enable an attacker to elevate thei...
The vulnerability of the drivers/hid/hid-elo.c component in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the drivers/hid/hid-elo.c component in the Linux operating system is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Internet Information Services FTP network services for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Internet Information Services FTP protocol in Windows operating systems is related to errors during FTP data exchange. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using specially crafted FTP commands...
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-1402)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation ...
Microsoft Windows iSCSI Target Service Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in Microsoft Windows iSCSI Target Service. The vulnerability arises from a configuration or other error in the operation of a networked...
The vulnerability of the UHCI controller on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows an attacker to execute arbitrary code.
The vulnerability of the UHCI platform of the VMware Cloud Foundation and the VMware ESXi hypervisor lies in synchronization errors when using a shared resource. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems allows a hacker to execute arbitrary code or commands.
The vulnerability of the FortiGate network firewall’s debugging function for FortiOS operating systems is related to authentication errors. Exploiting this vulnerability allows a perpetrator to execute unauthorized code or commands using certain console command sequences like “print str” and “cmd...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows a hacker to execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...