After importing an OVF package from a VMware environment, Virtual Machine Fails to Boot with STOP 7B or 'Device Does Not Exist'
After importing an OVF package from a VMware environment, a Windows virtual machine fails with a STOP 0x0000007B error, or a Linux virtual machine does not boot because a device (/dev/sda1, for example) does not exist. On a Windows virtual machine a STOP 0x0000007B error occurs. On a Linux virtua...
CVE-2024-37282
It was identified that, under certain specific preconditions, an API key that was originally created with specific privileges could subsequently be used to create new API keys that have elevated privileges...
Malicious code in not-exist-lykos-poc2 (npm)
Source: ossf-package-analysis 9fdf307a333300d88cdb5031c5f135a2fe51e2a01d4db763c2d1457111ce9fe4 The OpenSSF Package Analysis project identified 'not-exist-lykos-poc2' @ 66.6.9 npm as malicious. It is considered malicious because: - The...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
exist-schule.de Improper Access Control vulnerability OBB-3816752
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
exist-schule.de Improper Access Control vulnerability OBB-3770380
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
KLA61353 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service or gain privileges. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in HTTP/2 protocol can be exploited remotely to cause...
KLA61043 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. Double-free memory address vulnerability in libwebp can be exploited remotely to cause...
Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation
//Discovered by:: TOUHAMI KASBAOUI - VXREMALWARE //Discover date : 25/03/2023 //Reported to Citrix: 25/03/2023 //Tested Version: 22.2.1.103, 23.1.1.11/Last version //Exploit: https://github.com/sqrtZeroKnowledge/CitrixSecureAccessLPE0DAY define UNICODE define UNICODE include include include inclu...
SUSE CVE-2021-32761
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis BIT commands are vulnerable to integer overflow that...
CVE-2023-23925
The CVE-2023-23925 entry concerns the Switcher Client JavaScript SDK (Switcher API). It affects the strategy match operation (EXIST), where unsanitized input is used to build a regular expression, enabling a Regular Expression Denial of Service (ReDoS). Impact is indicated as high; CVSS vectors show ...
CVE-2023-23925 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Switcher Client is a JavaScript SDK to work with Switcher API, which is a cloud-based Feature Flag. Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service (ReDoS) attack. This issue has been...
GHSA-WQXW-8H5G-HQ56 Switcher Client contains Regular Expression Denial of Service (ReDoS)
Impact: Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service (ReDoS) attack. Patches: Patched in 3.1.4. Workarounds: Avoid using Strategy settings that use REGEX in conjunction with EXIST a...
Switcher Client contains Regular Expression Denial of Service (ReDoS)
Impact: Unsanitized input flows into Strategy match operation EXIST, where it is used to build a regular expression. This may result in a Regular expression Denial of Service (ReDoS) attack. Patches: Patched in 3.1.4. Workarounds: Avoid using Strategy settings that use REGEX in conjunction with EXIST a...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out-of-date library libusrsctp contained vulnerabilities that could potentially be exploited...
CVE-2022-20937
A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attack...
UBUNTU-CVE-2022-31097
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...
Malicious code in runkit-embed (npm)
Source: ghsa-malware 2d1a12cf5df9a43c706a5f3c73571ad7199f6a81dd67d4b94d6b91ad149a5f5e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM
Overview: FUJITSU Network IPCOM provided by FUJITSU LIMITED is an integrated network appliance. Operation management interface used to operate FUJITSU Network IPCOM contains multiple vulnerabilities listed below. OS command injection in the web console (CWE-78) - CVE-2022-29516. Buffer overflow in th...
Apple Mac OS X Security Update (HT213056)
Apple Mac OS X is prone to multiple vulnerabilities.