CVE-2022-24903 Buffer overflow in TCP syslog server (receiver) components in rsyslog

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...

UBUNTU-CVE-2022-24903

Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code...

GHSA-4PRH-GQW8-RGH5 Apache Tomcat Directory Traversal

Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 / slash, 2 \ backslash, and 3 URL-encoded backslash %...

Apache Tomcat Directory Traversal

Directory traversal vulnerability in Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 / slash, 2 \ backslash, and 3 URL-encoded backslash %...

Cross-site scripting - DOM via view file function

Description In Modules - Files, when click a file will have a popup and in URL will append select-file= fragment, so this fragment in url lead to XSS-DOM. Proof of Concept...

The vulnerability of Perl interpreter modules, related to privilege management errors, allows attackers to execute arbitrary code.

The vulnerability of modules from the @INC directory in the Perl interpreter is related to privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary code using a Trojan virus program...

GSD-2022-1002015 ath11k: fix kernel panic during unload/load ath11k modules

ath11k: fix kernel panic during unload/load ath11k modules This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.111 by commit...

GSD-2022-1001075 ath11k: fix kernel panic during unload/load ath11k modules

ath11k: fix kernel panic during unload/load ath11k modules This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID:CVE-2021-3807 DESCRIPTION: Chalk ansi-regex module for Node.js is vulnerable to a denial of service, caused by a regular expression...

SUSE-SU-2022:1164-1 Security update for go1.16

This update for go1.16 fixes the following issues: Update to version 1.16.15 bsc1182345: - CVE-2022-24921: Fixed a potential denial of service via large regular expressions bsc1196732. Non-security fixes: - Fixed an issue with v2 modules go51331. - Fixed an issue when building source in riscv64...

EvilSelenium - A Tool That Weaponizes Selenium To Attack Chromium Based Browsers

EvilSelenium is a new project that weaponizes Selenium to abuse Chromium-based browsers. The current features right now are: Steal stored credentials via autofill Steal cookies Take screenshots of websites Dump Gmail/O365 emails Dump WhatsApp messages Download & exfiltrate files Add SSH keys to...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the lack of protective measures for the structure of web pages, allows attackers to compromise data integrity.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the disclosure of information in erroneous data areas, allows attackers to gain access to confidential data.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

tildearrow Furnace 安全漏洞

The tildearrow Furnace is a multi-system chip tuning tracker compatible with DefleMask modules. A security vulnerability exists in tildearrow Furnace that stems from an incomplete fix for CVE-2022-1211, resulting in a denial of service vulnerability...

CVE-2022-24822 Denial of Service in @podium/layout and @podium/proxy

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...