ROS-20220217-01
MariaDB database management system vulnerability, related to a format string error in the implementation of the CONNECT function. Exploitation of the vulnerability could allow a remote attacker to send a specially crafted SQL query containing format string specifiers and execute...
The vulnerability of the Mozilla Firefox browser, related to errors in processing HTML content, allows a hacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser is related to errors in processing HTML content. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...
The vulnerability of the firmware web application of D-Link DIR-X1860 Wi-Fi routers allows an intruder to trigger a service failure.
The vulnerability of the web-based application of D-Link DIR-X1860 wireless routers is related to resource release errors. Exploiting this vulnerability allows a malicious actor to cause service failures through a specially created web page...
The vulnerability of the universal monitoring system Zabbix, related to authentication errors, allows an intruder to execute arbitrary code with root privileges.
The vulnerability of the Zabbix universal monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges...
Business Logic Errors
microweber/microweber is vulnerable to business logic errors. Lack of secure validation of sessionid for usermanager in the function removeitem causes business logic errors...
CVE-2022-0688
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0688
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0688
CVE-2022-0688 affects microweber/microweber prior to 1.2.11. The Red Hat OSV/GHSA entries and related records describe a business logic / insecure direct object reference issue in Microweber that can enable a malicious actor to manipulate cart contents (e.g., removing items) without proper authori...
CVE-2022-0688 Business Logic Errors in microweber/microweber
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
CVE-2022-0688 Business Logic Errors in microweber/microweber
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11...
GHSA-3P9J-442X-HJP7 Business Logic Errors in microweber
microweber prior to 1.2.11 allows multiple uses of a single-use coupon...
CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...
Design/Logic Flaw
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...
CVE-2021-20322
CVE-2021-20322 relates to a Linux kernel ICMP handling flaw (ICMP fragment needed/redirect) that lets an off-path attacker quickly discover UDP port usage, bypassing UDP source port randomization. The connected advisories confirm this affects the Linux kernel and multiple distributions and mentio...
CVE-2021-20322
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...
The vulnerability of the Service Worker API in browsers such as Google Chrome and Microsoft Edge allows a malicious actor to execute arbitrary code.
The vulnerability of the Service Worker API in browsers such as Google Chrome and Microsoft Edge is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Microsoft Windows Defender operating systems allows a hacker to bypass security restrictions.
The vulnerability of Microsoft Windows Defender operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent security restrictions...
The vulnerability of the Resilient File System (ReFS) in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Resilient File System (ReFS) in Windows operating systems is related to errors in code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows a hacker to circumvent security restrictions.
The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent security restrictions...
The vulnerability of the Node.js software platform’s Relative Distinguished Name (RDN) component allows attackers to perform spoofing attacks.
The vulnerability of the Relative Distinguished Name (RDN) component in the Node.js software platform is related to errors in the certificate validation process. Exploiting this vulnerability allows attackers to perform spear-phishing attacks remotely...