
5574 matches found

Positive Technologies
added 2023/01/01 12:0 a.m. · 4 views

PT-2025-37875

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's ext4 filesystem implementation where the i_disksize can exceed i_size during partial write operations. This condition can trigger a warning and...

AI score: 6 · EPSS: 0.00145
Exploits: 0 · References: 11

OSV
added 2022/12/24 11:4 a.m. · 8 views

OESA-2022-2150 openjdk-latest security update

Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily...

CVSS: 5.3 · AI score: 6.4 · EPSS: 0.02376
Exploits: 0 · References: 7

OSV
added 2022/12/22 8:52 a.m. · 9 views

SUSE-SU-2022:4607-1 Security update for conmon

This update for conmon fixes the following issues: conmon was updated to version 2.1.5: don't leak syslogidentifier; logging: do not read more than the buf size; logging: fix error handling; Makefile: Fix install for FreeBSD; signal: Track changes to getsignaldescriptor in the FreeBSD version; Packit:...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.02804
Exploits: 1 · References: 3

Code423n4
added 2022/12/16 12:0 a.m. · 8 views

Users can bypass the maxWinPercent limit using a partially closing

Lines of code Vulnerability details Impact Users can bypass the maxWinPercent limit using a partial closing. As a result, users can receive more funds than their upper limit from the protocol. Proof of Concept As we can see from the documentation, there is limitation of a maximum PnL. Maximum PnL...

AI score: 6.7
Exploits: 0

Tenable Nessus
added 2022/12/14 12:0 a.m. · 30 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.1.8)

The version of AOS installed on the remote host is prior to 6.5.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.1.8 advisory. - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 - If Apache Tomcat 8.5.0...

CVSS: 8.1 · AI score: 7.2 · EPSS: 0.02376
Exploits: 0 · References: 9

OSV
added 2022/12/13 4:15 p.m. · 2 views

CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure...

CVSS: 3.3 · AI score: 5.8 · EPSS: 0.00201
Exploits: 0 · References: 1

OSV
added 2022/12/13 10:35 a.m. · 10 views

SUSE-SU-2022:4452-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 icedtea-3.25.0: - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via...

CVSS: 5.3 · AI score: 4.9 · EPSS: 0.02376
Exploits: 0 · References: 9

Vulnrichment
added 2022/12/13 12:0 a.m. · 6 views

CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure...

AI score: 6.4 · EPSS: 0.00201
Exploits: 0 · References: 1

CNNVD
added 2022/12/09 12:0 a.m. · 4 views

VMware ESXi Buffer Error Vulnerability

VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. A security vulnerability exists in VMware ESXi and vCenter Server that originates from a contained heap overflow, which could be exploited by an attacker to achieve partial information...

CVSS: 3.3 · AI score: 6.6 · EPSS: 0.00201
Exploits: 0 · References: 4

OSV
added 2022/12/08 4:20 p.m. · 10 views

SUSE-SU-2022:4373-1 Security update for java-1_8_0-openjdk

This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 icedtea-3.25.0: - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via...

CVSS: 5.3 · AI score: 4.9 · EPSS: 0.02376
Exploits: 0 · References: 9

Amazon
added 2022/12/06 12:0 a.m. · 32 views

Important: rubygem-nokogiri

Issue Overview: A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability...

CVSS: 8.2 · AI score: 7.3 · EPSS: 0.02886
Exploits: 1

Tenable Nessus
added 2022/11/30 12:0 a.m. · 34 views

SUSE SLES12 Security Update : libdb-4_8 (SUSE-SU-2022:4289-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4289-1 advisory. - Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38...

CVSS: 3.3 · AI score: 5.5 · EPSS: 0.00604
Exploits: 0 · References: 4

OSV
added 2022/11/29 2:59 p.m. · 3 views

SUSE-SU-2022:4289-1 Security update for libdb-4_8

This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414)...

CVSS: 3.3 · AI score: 3.7 · EPSS: 0.00604
Exploits: 0 · References: 3

CVE
added 2022/11/29 3:30 a.m. · 53 views

CVE-2022-32967

Realtek RTL8111EP-CG/RTL8111FP-CG DASH function contains a hard-coded password. An unauthenticated physical attacker can exploit this during a reboot triggered by another user to access partial system information (e.g., serial number, server information). Affected firmware versions are prior to 3...

CVSS: 2.1 · AI score: 3.4 · EPSS: 0.00238
Exploits: 0 · References: 1 · Affected Software: 1

GithubExploit
added 2022/11/29 2:42 a.m. · 6 views

Exploit for Cross-Site Request Forgery (CSRF) in Perfsonar

Vendor: perfSONAR Link: https://github.com/perfsonar/ Affected V...

CVSS: 4.3 · AI score: 7.2 · EPSS: 0.01991
Exploits: 4

CNNVD
added 2022/11/28 12:0 a.m. · 22 views

SAML Authorization Issue Vulnerability

SAML is a library by individual developer Ross Kinder that contains a partial implementation of the SAML standard in golang. That is, it allows third parties to authenticate your users, or allows third parties to rely on us to authenticate their users. There is an authorization issue...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.02179
Exploits: 0 · References: 13

OSV
added 2022/11/24 3:18 p.m. · 3 views

SUSE-SU-2022:4214-1 Security update for libdb-4_8

This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414)...

CVSS: 3.3 · AI score: 3.7 · EPSS: 0.00604
Exploits: 0 · References: 3

Positive Technologies
added 2022/11/21 12:0 a.m. · 7 views

PT-2022-22999 · Miele · Appwash Mobileapp

Name of the Vulnerable Software and Affected Versions: Miele AppWash MobileApp affected versions not specified Description: The issue concerns an API endpoint used by Miele's AppWash MobileApp, which was vulnerable to an authorization bypass. A low-privileged, remote attacker could gain read and...

CVSS: 8.1 · AI score: 8 · EPSS: 0.00692
Exploits: 0 · References: 4

CNNVD
added 2022/11/21 12:0 a.m. · 2 views

Miele appWash Security Vulnerability

Miele appWash is a laundry room digitization app from Miele Germany. Miele appWash suffers from an Access Control Error vulnerability that stems from the use of an API endpoint to bypass authorization checks. An attacker could use this vulnerability to gain read and partial write access to data...

CVSS: 8.1 · AI score: 6.8 · EPSS: 0.00692
Exploits: 0 · References: 2

Tenable Nessus
added 2022/11/18 12:0 a.m. · 41 views

MariaDB 10.0.0 < 10.0.32 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.0.32. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.32 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.03225
Exploits: 0 · References: 7