UBUNTU-CVE-2022-0746
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0...
CVE-2022-0746 Business Logic Errors in dolibarr/dolibarr
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0...
CVE-2022-0746
CVE-2022-0746 affects dolibarr/dolibarr prior to 16.0 and is described as a business-logic error. Connected records (GHSA-8VQ6-5F66-HP3R) indicate that, prior to 16.0, low-privilege users could update their login name, which should be admin-only. The provided documents do not specify a concrete e...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1227)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with...
The vulnerability of the Windows Common Log File System Driver in Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Common Log File System Driver in Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the software package for accounting or resource planning of Microsoft Dynamics GP, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the software package for accounting or resource planning of Microsoft Dynamics GP involves information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Server Subscription Edition packages lies in information representation errors in the user interface, which allows attackers to perform spoofing attacks.
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and Microsoft SharePoint Server Subscription Edition packages is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform a...
The vulnerability of the Azure Data Explorer data analysis service, related to errors in information presentation on the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of the Azure Data Explorer data analysis service is related to errors in information representation by the user interface. Exploiting this vulnerability may allow attackers to perform spear-phishing attacks remotely...
The vulnerabilities of the `pipe_read` and `pipe_write` functions in the `fs/pipe.c` file of the Linux operating system’s kernel allow attackers to increase their privileges or cause service failures.
The vulnerability of the `pipe_read` and `pipe_write` functions in the `fs/pipe.c` file of the Linux operating system’s kernel is related to code errors. Exploiting this vulnerability can allow an attacker to escalate their privileges or cause service failures...
The vulnerability of the Windows DWM Core Library on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows DWM Core Library in operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Print Spooler in operating systems related to the print queue is associated with security configuration errors. Exploiting this vulnerability can allow attackers to gain increased privileges...
ImageMagick code issue vulnerability (CNVD-2022-18008)
ImageMagick is a set of open source image processing software from the American company ImageMagick Studio. The software can read, convert, or write images in a variety of formats. ImageMagick has a security vulnerability that stems from a null pointer...
Business Logic Errors
Description: A product whose status is unpublished and which has been deleted by the admin (it is in the Trash folder) can still be added to the cart and purchased by a user. Proof of Concept: Step 1: Admin goes to Shop Products: unpublish the product and delete the product. Step 2: User adds the product to the cart by request POST...
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1171)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the `nl80211_policy` policy of `nl80211.c`, there is a possible out of bounds read due to a missing bounds check. This could lead to local...
python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to perform unauthorized memory access that causes memory access errors, incorrect results, or crashes...
Istio authorization issue vulnerability
Istio is an open platform for connecting, managing and securing microservices. Istio suffers from an authorization issue vulnerability that stems from the Istio control plane "istiod" being susceptible to request processing errors in the affected version. An attacker could use this vulnerability ...
node-request-retry information disclosure vulnerability
node-request-retry automatically retries a request when a connection fails with one of ECONNRESET, ENOTFOUND, ESOCKETTIMEDOUT, ETIMEDOUT, ECONNREFUSED, EHOSTUNREACH, EPIPE or EAIAGAIN, or when an HTTP 5xx or 429 error occurs, as these are...