1376 matches found
CVE-2022-35223
CVE-2022-35223 affects EasyUse MailHunter Ultimate via its cookie deserialization function. The root cause is inadequate validation when deserializing cookies containing a malicious payload, enabling an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or in...
National Health Insurance buffer error vulnerability
National Health Insurance NHI is a health insurance program health insurance card in Taiwan, China. A security vulnerability exists in National Health Insurance that stems from insufficient validation of network packet header lengths and a stack-based buffer overflow, which could be exploited by ...
The vulnerability of the Net-SNMP software suite arises from insufficient validation of input data, allowing a perpetrator to trigger a service failure.
The vulnerability of the Net-SNMP software suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
SUSE: Security Advisory (SUSE-SU-2022:2524-1)
The remote host is missing an update for the...
SUSE-SU-2022:2524-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 (bsc#1201221): - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted....
Vulnerability of the Server component of the Oracle MySQL Server, a database management system in the Federated system, which allows a hacker to cause a service failure.
The vulnerability of the Oracle MySQL Server component in the Oracle Database Management System involves errors related to resource release. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...
Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to resource release errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using the MySQL protocol...
Vulnerability of the Cluster component: The general system for managing MySQL Cluster databases, which allows a hacker to cause a service failure.
Vulnerability of the Cluster component: General database management systems like MySQL Cluster are vulnerable due to insufficient validation of input data. Exploitation of this vulnerability can allow a malicious actor to cause service interruptions remotely...
Debian: Security Advisory (DSA-5182-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5182-1] webkit2gtk security update
Debian Security Advisory DSA-5182-1 [email protected] https://www.debian.org/security/ Alberto Garcia July 15, 2022 https://www.debian.org/security/faq -...
The vulnerability of the microprogrammed software of industrial switches SCALANCE W1788-1 M12, SCALANCE W1788-2 EEC M12, SCALANCE W1788-2 M12, SCALANCE W1788-2IA M12 allows an intruder to trigger a service failure.
The vulnerability of the microprogrammed software of industrial switches SCALANCE W1788-1 M12, SCALANCE W1788-2 EEC M12, SCALANCE W1788-2 M12, and SCALANCE W1788-2IA M12 is related to errors in processing ARP packets. Exploiting this vulnerability can allow a remote attacker to cause service...
The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool allows a perpetrator to trigger a service failure.
The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
Denial Of Service (DoS)
webkit2gtk is vulnerable to denial of service. The vulnerability exists due to a logic issue in video self-preview feature in a webrtc call, which can be interrupted if the user answers a phone call...
The vulnerability of the njs_set_number() function in the njs interpreter of the nginx server allows a hacker to cause a service failure.
The vulnerability of the njs_set_number() function in the njs interpreter of the nginx server is related to the issue of operations going beyond the buffer in memory when input data is not properly cleared. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerabilities of Adobe Acrobat PDF editing programs and Adobe Reader PDF viewing programs, related to resource management errors, allow attackers to cause service failures.
The vulnerabilities of Adobe Acrobat PDF editing programs and Adobe Reader PDF viewing programs are related to resource management errors. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Application Visibility and Control (AVC-FNF) function in the Cisco IOS XE operating system of Cisco Catalyst 9800 and 9800-CL for Cloud controller devices allows an intruder to trigger a service failure.
The vulnerability of the Application Visibility and Control (AVC-FNF) function in the Cisco IOS XE operating system of Cisco Catalyst 9800 and 9800-CL for Cloud wireless network controllers is related to a breach of the buffer’s initial boundary. Exploiting this vulnerability can allow an attacker ...
The vulnerability of the ext4_mount function in the Cboot module of the NVIDIA Jetson embedded software driver package allows an attacker to execute arbitrary code, gain elevated privileges, or cause partial service failure.
The vulnerability of the ext4_mount function in the Cboot module of the NVIDIA Jetson software driver suite is related to a numerical overflow issue. Exploiting this vulnerability could allow an attacker to execute arbitrary code, gain elevated privileges, or cause partial service interruptions...
Upgraded Q -> M from 270 [1655579826704]
Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: Gas stipend for payable.send may be too low for contract wallets ETH withdrawals in both the minter and token contracts use payableaddress.send to transfer ether to the vault address. If the configured vault is ...
The vulnerability of the connection processing function in Cisco Firepower Threat Defense’s microprogrammed network interface devices allows an attacker to trigger a service failure.
The vulnerability of the connection processing function in Cisco Firepower Threat Defense’s microprogrammed network interface controllers is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending...
expat: Integer overflow in function XML_GetBuffer
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...