OpenSSL -- Certificate validation issue
The OpenSSL project reports: Invalid handling of X509_verify_cert() internal errors in libssl (Moderate). Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for...
A vulnerability in the WPE WebKit web page rendering module for Safari on iOS, iPadOS, tvOS, watchOS, and macOS stems from type conversion errors and allows attackers to execute arbitrary code.
The vulnerability in the WPE WebKit web page rendering module for Safari on iOS, iPadOS, tvOS, watchOS, and macOS is related to type conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Vulnerability of the kernel of the Common Open Policy Service (COPS) in Cisco IOS XE operating systems, allowing a hacker to cause a service failure
The vulnerability of the Common Open Policy Service COPS for Cisco IOS XE operating systems is related to errors in processing COPS packets. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Business Logic Errors in tsolucio/corebos
Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://demo.corebos.com/index.php?action=Login&module=Users Step 2: Navigate to Inventory - Product - Edit any product. Step 3: Now enter an amou...
SUSE SLES12 Security Update : the Linux RT Kernel (SUSE-SU-2021:3992-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3992-1 advisory. - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of...
Updated libvirt packages fix security vulnerability
Fix deadlock on virStoragePoolLookupByTargetPath failure (bz 1986113, CVE-2021-3667); More CAP_SETPCAP warning fixes (bz 1924218); Handle unknown firmware.json errors...
MGASA-2021-0547 Updated libvirt packages fix security vulnerability
Fix deadlock on virStoragePoolLookupByTargetPath failure (bz 1986113, CVE-2021-3667); More CAP_SETPCAP warning fixes (bz 1924218); Handle unknown firmware.json errors...
Business Logic Errors in yetiforcecompany/yetiforcecrm
Description The application is vulnerable to Business Logic error through negative product amount. Proof of Concept Step 1: Login into the application https://gitstable.yetiforce.com/index.php Step 2: Navigate to Database - Product - Edit any product. Step 3: Now enter a negative amount in Unit...
Google Chrome Security Updates (stable-channel-update-for-desktop-2021-02) - Linux
Google Chrome is prone to multiple vulnerabilities. CPE: cpe:/a:google:chrome...
SUSE SLES15 Security Update : the Linux RT Kernel (SUSE-SU-2021:3979-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3979-1 advisory. - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of...
Business Logic Errors in pimcore/pimcore
Description The application is vulnerable to Business Logic error through negative cart amount. Proof of Concept Step 1: Login to the application https://10.x-dev.pimcore.fun/admin/login?perspective= Step 2: Navigate to Online shop - Pricing Rules - Voucher Discount - Actions Step 3: Enter Negati...
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3972-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3972-1 advisory. The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixe...
A vulnerability in the IPPUSB dissector of the Wireshark network traffic analyzer allows a hacker to cause a service failure.
The vulnerability in the IPPUSB dissector of the Wireshark network traffic analyzer is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by injecting specially crafted packets...
CVE-2021-37075
There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected...
Spoofing
There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected...
CVE-2021-37075
Technical details for CVE-2021-37075 are not publicly available in the provided documents. Monitor for updates.
Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3969-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3969-1 advisory. - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of al...