CVE-2022-1649

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see CWE...

CVE-2022-1649 Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in radareorg/radare2

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see CWE...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:1577-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1577-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially...

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2022-0041)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered...

Siemens Industrial Products with OPC UA

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET PC, SITOP Manager, TeleControl Server Basic Vulnerability: Null Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2022:1582-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1582-1 advisory. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially...

Siemens Industrial Devices using libcurl

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-132-13 Siemens Industrial Devices using...

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2022-0012)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash. This...

MariaDB 10.4.0 < 10.4.25 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.4.25. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.4.25 advisory. - MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component...

CVE-2022-21415

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2022-21414

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2022-21413

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVE-2022-21438

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

Mageia: Security Advisory (MGASA-2022-0156)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-41810

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

Stored XSS Via Markdown payload at HackerOne Settings

Description Rengine supports automatic vulnerability reporting to hackerone the module included a feature to customize the report using a markdown editor. Although it was blocking some malicious payloads, the Cross-Site Scripting was found exploitable via a special payload. Proof of Concept 1. Go...

Updated firefox/nss/rootcerts packages fix security vulnerability

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash CVE-2022-1097. After a VR Process is destroyed, a reference to it may have been retained and used, leading to a...

Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5393-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5393-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing contex...

Important: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. CVE-2022-1097 The Mozilla...

Hitachi Energy System Data Manager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2. RISK...