1477 matches found
Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2023-2760)
The remote host is missing an update for the Huawei EulerOS... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Hitachi Energy RTU500 series Stack-Based Buffer Overflow (CVE-2022-2502)
A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature 'Advanced security' which must b...
The vulnerability of Linux operating system kernels, related to manipulating the TCA_QFQ_LMAX argument, allows attackers to cause values to be written outside of the allowed range.
The vulnerability of Linux operating system kernels relates to manipulating unknown input data through the argument TCA_QFQ_LMAX. Exploiting this vulnerability can allow a remote attacker to cause values to be written outside of the allowed range...
The vulnerability of the Zoom video conferencing service, which stems from insufficient validation of input data, allows attackers to access protected information.
The vulnerability of the Zoom video conferencing service exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected information...
The vulnerability of the firmware of Moxa’s TN-5900 series routers allows for the execution of arbitrary code.
The vulnerability of the Moxa TN-5900 series router firmware is related to errors in processing input data during the certification creation process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the WinRAR file archiver, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the WinRAR file archiver is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the CSI Proxy component of the Kubernetes cluster management software allows a hacker to escalate their privileges.
The vulnerability of the CSI Proxy component, a software tool for managing virtual machine clusters in Kubernetes, is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...
Buffer overflow
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitra...
The vulnerability of the Microsoft Exchange Server mail server, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Exchange Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications lies in insufficient encoding of user-input data, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of the software for integrating SAP NetWeaver Process Integration corporate applications is related to insufficient encoding of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the keyinstall component in MediaTek’s firmware allows a hacker to trigger a service failure.
The vulnerability of the keyinstall component in MediaTek’s firmware is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to cause malfunctions in the system...
The vulnerability of the CmpAppForce component in software products from CODESYS and Schneider Electric allows a hacker to trigger a service failure.
The vulnerability of the CmpAppForce component in CODESYS and Schneider Electric software products is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the libxpc library in the iOS, iPadOS, macOS Big Sur, macOS Monterey, watchOS, and macOS Ventura operating systems allows a hacker to trigger a service failure.
The vulnerability of the libxpc library in iOS, iPadOS, macOS Big Sur, macOS Monterey, watchOS, and macOS Ventura systems is related to errors in processing input data. Exploiting this vulnerability allows an attacker to cause service failures...
Simple Online Mens Salon Management System Cross-Site Scripting Vulnerability
Simple Online Mens Salon Management System is an open source men's salon management system. Simple Online Mens Salon Management System v1.0 has a cross-site scripting vulnerability; the vulnerability stems from the file /admin/?page=user/list parameter First Name/Last Name/Username on the...
The vulnerability of the Server: DDL component of the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server: DDL component of the MySQL database management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Server: Replication component of the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server: Replication component of the MySQL database management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows a perpetrator to cause a service failure.
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the extension for the Microsoft Visual Studio Code editor allows a hacker to execute arbitrary code.
The vulnerability of the GitHub Pull Requests and Issues extension for the Microsoft Visual Studio Code editor is related to errors in processing input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Server: Replication component of the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server: Replication component of the MySQL database management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Android Mobile Authenticator App, a software solution for managing enterprise mobility, within the Oracle Mobile Security Suite, a software platform of Oracle Fusion Middleware, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Android Mobile Authenticator App, a software solution for managing enterprise mobility, within the Oracle Mobile Security Suite, a software platform from Oracle Fusion Middleware, is related to errors in processing input data. Exploiting this vulnerability can allow an...