Lucene search

11189 matches found

BDU FSTEC
added 2022/02/16 12:00 a.m. · 0 views

The vulnerability of the Modern Execution Server component for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Modern Execution Server component for Windows operating systems is related to errors in code generation control. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...

CVSS 7.8 · EPSS 0.03827
Exploits 0 · References 5

RedHat Linux
added 2022/02/15 10:37 a.m. · 2 views

Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

CVSS 6.5 · AI score 7.2 · EPSS 0.0026
Exploits 0 · References 4

Github Security Blog
added 2022/02/15 1:57 a.m. · 15 views

flynn/noise has improper nonce handling yielding potential state DoS

The Go package github.com/flynn/noise, a Noise Protocol implementation, has two bugs in nonce handling in versions prior to v1.0.0. Issue 1: Potential nonce overflow. If 2^64 (~18.4 quintillion) or more messages are encrypted with Encrypt after handshaking, the nonce counter will wrap around, causing...

AI score 7.3
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2022/02/15 12:00 a.m. · 2 views

PT-2022-17143 · Jenkins · Jenkins Doktor Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Doktor Plugin version 0.4.1 and earlier

Description: The issue allows attackers who can control agent processes to determine whether a file with a given name exists on the controller, by exploiting the functionality that renders files...

CVSS 5.5 · AI score 5.1 · EPSS 0.00048
Exploits 0 · References 4

Huntr
added 2022/02/13 8:00 a.m. · 26 views

Business Logic Errors in microweber/microweber

Description: The product is vulnerable to Business Logic error through negative product amount.

Proof of Concept:
Step 1: Log in to the application, navigate to Shops - Products - Add Product.
Step 2: Fill in all the required details with Pricing parameter as -100 and click on save. Here an item is...

CVSS 4 · AI score 1.9 · EPSS 0.00261
Exploits 1

BDU FSTEC
added 2022/02/10 12:00 a.m. · 0 views

The vulnerability of the Windows Certificate component in Windows operating systems allows attackers to carry out spoofing attacks.

The vulnerability of the Windows Certificate component in Windows operating systems is related to errors in the certificate validation process. Exploiting this vulnerability can allow attackers to carry out spoofing attacks...

CVSS 7.8 · EPSS 0.00407
Exploits 0 · References 2

Citrix
added 2022/02/10 12:00 a.m. · 6 views

MCS catalog creation fails when using dedicated host

Administrators may encounter the following error message when using MCS with Amazon AWS hosting connections: Transaction ID: XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX Action Name: MCAddMachineInitialzation Exception: : Domain name\machine-name$, Failed to create the virtual machine; Domain...

AI score 7
Exploits 0

BDU FSTEC
added 2022/02/10 12:00 a.m. · 1 views

The vulnerability of the Windows Extensible Firmware Interface in the Windows operating system allows a hacker to perform a system shutdown.

The vulnerability of the Windows Extensible Firmware Interface in the operating system Windows is related to authentication errors when accessing files in the EFI partition. Exploiting this vulnerability can allow an attacker to perform a denial-of-service attack...

CVSS 5.5 · EPSS 0.00278
Exploits 0 · References 4

Github Security Blog
added 2022/02/09 12:00 a.m. · 18 views

Publify Business Logic Errors

Publify (formerly known as Typo) prior to version 9.2.7 is vulnerable to business logic errors...

CVSS 7.5 · AI score 7.3 · EPSS 0.00314
Exploits 1 · References 6 · Affected Software 1

CNNVD
added 2022/02/09 12:00 a.m. · 3 views

Xwiki Platform Input Validation Error Vulnerability

Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to input validation errors, which can be exploited by attackers to redirect users to malicious sites for phishing and other attacks...

CVSS 6.1 · AI score 5.6 · EPSS 0.00281
Exploits 0 · References 4

RubySec
added 2022/02/09 12:00 a.m. · 10 views

Business Logic Errors in Publify

Publify (formerly known as Typo) prior to version 9.2.7 is vulnerable to business logic errors...

CVSS 7.5 · AI score 3.6 · EPSS 0.00314
Exploits 1 · References 1 · Affected Software 1

NVD
added 2022/02/08 10:15 p.m. · 13 views

CVE-2022-0524

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...

CVSS 7.5 · EPSS 0.00314
Exploits 1 · References 2

ATTACKERKB
added 2022/02/08 10:15 p.m. · 4 views

CVE-2022-0524

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...

CVSS 7.5 · AI score 6.7 · EPSS 0.00314
Exploits 1 · References 3

Prion
added 2022/02/08 10:15 p.m. · 11 views

Code injection

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...

CVSS 5 · AI score 7.5 · EPSS 0.00314
Exploits 1 · References 2 · Affected Software 1

CVE
added 2022/02/08 10:00 p.m. · 78 views

CVE-2022-0524

CVE-2022-0524 concerns business logic errors in Publify (Typo) prior to version 9.2.7. Multiple sources confirm the issue affects the Publify repository and Rubygems packaging, with remediation to update to 9.2.7 or later. The available documents describe the vulnerability class as business logic...

CVSS 7.5 · AI score 6.8 · EPSS 0.00314
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2022/02/08 10:00 p.m. · 15 views

CVE-2022-0524 Business Logic Errors in publify/publify

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...

CVSS 6.5 · AI score 7.8 · EPSS 0.00314
Exploits 1 · References 2

OSV
added 2022/02/08 10:00 p.m. · 10 views

CVE-2022-0524 Business Logic Errors in publify/publify

Business Logic Errors in GitHub repository publify/publify prior to 9.2.7...

CVSS 6.5 · AI score 6.7 · EPSS 0.00314
Exploits 1 · References 4

OSV
added 2022/02/08 3:10 p.m. · 9 views

OPENSUSE-SU-2022:0283-1 Security update for samba

- CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; bso14911; bsc1193690;
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; bso14914; bsc1194859;
- CVE-2022-0336: Samba AD users...

CVSS 9 · AI score 7 · EPSS 0.35695
Exploits 2 · References 19

Positive Technologies
added 2022/02/08 12:00 a.m. · 2 views

PT-2022-16140 · Unknown · M1K1O/Blog

Name of the Vulnerable Software and Affected Versions: m1k1o/blog (affected versions not specified)

Description: The issue concerns a lightweight self-hosted PHP blog, where errors from functions imagecreatefrom* and image* have not been checked properly. Although PHP issued warnings and the upload...

CVSS 8.8 · AI score 8.6 · EPSS 0.04273
Exploits 4 · References 8

Positive Technologies
added 2022/02/08 12:00 a.m. · 2 views

PT-2022-1674 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver (affected versions not specified)

Description: The issue is related to an elevation of privilege vulnerability in the Windows Common Log File System Driver, which can be exploited due to errors in security...

CVSS 7.8 · AI score 7.4 · EPSS 0.00523
Exploits 0 · References 8