
11190 matches found

ATTACKERKB · added 2022/03/21 7:15 p.m. · 2 views

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

CVSS 6.5 · AI score 6.5 · EPSS 0.00203
Exploits: 1 · References: 3
Prion · added 2022/03/21 7:15 p.m. · 6 views

Design/Logic Flaw

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

CVSS 4 · AI score 6.5 · EPSS 0.00203
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist · added 2022/03/21 6:50 p.m. · 12 views

CVE-2022-0514 Business Logic Errors in crater-invoice/crater

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

CVSS 6.5 · AI score 6.7 · EPSS 0.00203
Exploits: 1 · References: 2
CVE · added 2022/03/21 6:50 p.m. · 79 views

CVE-2022-0514

CVE-2022-0514 affects crater-invoice/crater prior to 6.0.5. The issue is a business logic flaw in Crater's settings handling that lets an attacker alter the currency by tampering with a parameter in the API request (e.g., /api/v1/company/settings with currency set to 1 and changing it to 2). The impac...

CVSS 6.5 · AI score 6.5 · EPSS 0.00203
Exploits: 1 · References: 2 · Affected Software: 1
OSV · added 2022/03/21 6:50 p.m. · 14 views

CVE-2022-0514 Business Logic Errors in crater-invoice/crater

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

CVSS 6.5 · AI score 6.7 · EPSS 0.00203
Exploits: 1 · References: 4
BDU FSTEC · added 2022/03/21 12:0 a.m. · 0 views

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 4.7 · EPSS 0.00136
Exploits: 0 · References: 3
Positive Technologies · added 2022/03/21 12:0 a.m. · 3 views

PT-2022-6593 · Red Hat +5 · 389 Directory Server +6

Name of the Vulnerable Software and Affected Versions: 389 Directory Server affected versions not specified Description: The issue is related to improper authentication in the 389 Directory Server, allowing expired passwords to access the database. This can be exploited by a remote attacker to ga...

CVSS 7.5 · AI score 6.3 · EPSS 0.07668
Exploits: 4 · References: 112
BDU FSTEC · added 2022/03/18 12:0 a.m. · 0 views

The vulnerability of the Advanced Local Procedure Call (ALPC) handler in the Microsoft Windows operating system allows attackers to escalate their privileges.

The vulnerability of the Advanced Local Procedure Call (ALPC) in the Microsoft Windows operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...

CVSS 7 · EPSS 0.00192
Exploits: 0 · References: 3
BDU FSTEC · added 2022/03/18 12:0 a.m. · 0 views

The vulnerability of the Active Storage module in the Ruby on Rails software framework allows attackers to execute arbitrary code.

The vulnerability of the Active Storage module in the Ruby on Rails software framework is related to errors during code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 10 · EPSS 0.0142
Exploits: 0 · References: 7 · Affected Software: 2
BDU FSTEC · added 2022/03/18 12:0 a.m. · 0 views

The vulnerability of the Microsoft SharePoint Server software, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of the Microsoft SharePoint Server software is related to errors in information presentation at the user interface level. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...

CVSS 7.6 · EPSS 0.01283
Exploits: 0 · References: 4
CNVD · added 2022/03/18 12:0 a.m. · 31 views

Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21218)

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. The software supports scanning configuration environments for errors, vulnerabilities, malware, etc. Rapid7 Nexpose 6.6.129 and previous versions have a securi...

CVSS 6.1 · AI score 3.1 · EPSS 0.00266
Exploits: 0 · References: 1
OpenVAS · added 2022/03/17 12:0 a.m. · 32 views

Apple Mac OS X Security Update (HT213184)

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 9.8 · AI score 6.7 · EPSS 0.17934
Exploits: 1 · References: 1
OpenVAS · added 2022/03/17 12:0 a.m. · 32 views

Apple Mac OS X Security Update (HT212979)

Apple Mac OS X is prone to multiple vulnerabilities...

CVSS 9.3 · AI score 6.9 · EPSS 0.30077
Exploits: 1 · References: 1
BDU FSTEC · added 2022/03/16 12:0 a.m. · 0 views

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted HTML page...

CVSS 9.3 · EPSS 0.00601
Exploits: 0 · References: 11 · Affected Software: 6
Code423n4 · added 2022/03/16 12:0 a.m. · 8 views

LiquidityPool:getAmountToTransfer() has incorrect calculation due to incorrect bracket placement

Lines of code Vulnerability details Impact In the scenario where the transfer fee exceeds the equilibrium fee, the excess gets credited to the incentive pool. The incentive pool fee added is incentivePooltokenAddress = incentivePooltokenAddress + amount transferFeePerc -...

AI score 6.6
Exploits: 0
BDU FSTEC · added 2022/03/16 12:0 a.m. · 0 views

The vulnerability of the “len” parameter in the drivers/net/usb/sr9700.c file of Linux operating system kernels, which allows an attacker to access protected information

The vulnerability of the “len” parameter in the drivers/net/usb/sr9700.c file of Linux operating system kernels is related to errors in processing packet lengths. Exploiting this vulnerability may allow an attacker to gain access to protected information...

CVSS 5.5 · EPSS 0.00031
Exploits: 0 · References: 32 · Affected Software: 3
BDU FSTEC · added 2022/03/16 12:0 a.m. · 0 views

The vulnerability of the integration component of the Magento Commerce software development and management platform, related to authentication errors, allows attackers to bypass security functions and gain unauthorized access to protected information.

The vulnerability of the integration component of the Magento Commerce software development and management platform is related to authentication errors. Exploiting this vulnerability allows an attacker to bypass security functions and gain unauthorized access to protected information...

CVSS 9.1 · EPSS 0.0345
Exploits: 0 · References: 3 · Affected Software: 2
BDU FSTEC · added 2022/03/16 12:0 a.m. · 0 views

The vulnerability in the implementation of the Windows Authenticode signature technology of the Microsoft Windows operating system allows attackers to perform spoofing attacks.

The vulnerability of the Authenticode signature technology implemented in Microsoft Windows operating systems is related to errors in information presentation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...

CVSS 3.3 · EPSS 0.02523
Exploits: 0 · References: 3
ATTACKERKB · added 2022/03/14 11:15 a.m. · 2 views

CVE-2022-22720

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

CVSS 9.8 · AI score 7.3 · EPSS 0.27458
Exploits: 0 · References: 20 · Affected Software: 1
BDU FSTEC · added 2022/03/11 12:0 a.m. · 0 views

The vulnerability of the Yokogawa CENTUM VP SCADA system, related to errors in the code, allows an intruder to execute arbitrary commands.

The vulnerability of the Yokogawa CENTUM VP SCADA system is related to errors in the code. Exploiting this vulnerability allows an intruder to execute arbitrary code by modifying the project files and injecting their own code into them, which will be executed upon a specified event...

CVSS 6.3 · AI score 6
Exploits: 0 · References: 1 · Affected Software: 1