Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Improper Check For Unusual or Exceptional Conditions (CVE-2022-45788)
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert All...
Debian: Security Advisory (DLA-573-1)
The remote host is missing an update for the Debian...
CVE-2022-33256 Improper validation of array index in Multi-mode call processor
Memory corruption due to improper validation of array index in Multi-mode call processor...
CVE-2022-33256
CVE-2022-33256: A memory corruption issue in Qualcomm closed‑source components due to improper validation of an array index in the Multi‑mode call processor. Affected: Qualcomm closed‑source components; Root cause: improper array index validation. Impact: Critical (CVSS v3.1: 9.8) with remote cod...
PT-2023-13267 · Qualcomm · Snapdragon +61
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to memory corruption due to improper validation of an array index in the Multi-mode call processor. No information is provided abou...
SUSE CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...
The vulnerabilities of AMD Secure Processor (ASP), System Management Unit (SMU), and Secure Encrypted Virtualization (SEV) related to initialization errors allow attackers to disclose protected information.
The vulnerabilities of AMD Secure Processor (ASP), System Management Unit (SMU), and Secure Encrypted Virtualization (SEV) related to initialization errors allow attackers to expose protected information...
The vulnerability of AMD Secure Processor’s microprogrammed software, including the System Management Unit (SMU), arises from the possibility of writing operations outside of the buffer in memory, allowing an attacker to compromise the integrity of the protected information.
The vulnerability of AMD Secure Processor (ASP) and System Management Unit (SMU) microprogramming software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of the protected information...
The vulnerability of the Bootloader component of AMD processors allows a hacker to trigger a system failure.
The vulnerability of the Bootloader component of AMD processors exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...
The vulnerability of AMD Secure Processor’s microprogramming software is related to synchronization errors when using shared resources (“Race Conditions”). This allows a malicious actor to trigger a service failure.
The vulnerability of AMD Secure Processor (ASP) microprogramming software is related to synchronization errors when using shared resources (“Race Conditions”). Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of AMD’s microprogrammed security processor BIOS systems, related to improper cleaning or release of resources, allows a perpetrator to trigger a service failure.
The vulnerability of AMD’s microprogrammed security processor BIOS systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
AZL-25347 CVE-2023-27371 affecting package libmicrohttpd for versions less than 0.9.76-1
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...
UBUNTU-CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...
go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document...
PT-2023-9347 · Gnu +7 · Gnu Libmicrohttpd +7
Name of the Vulnerable Software and Affected Versions: GNU libmicrohttpd versions prior to 0.9.76 Description: The issue is related to the improper parsing of a multipart/form-data boundary in the MHD_create_post_processor method. This can be exploited by an attacker to send a malicious HTTP POST...
CVE-2022-45139
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of...
@wmfs/addressbase-plus-blueprint (>=1.1.0 <=1.182.0), @wmfs/addressbase-premium-blueprint (>=1.0.0 <=1.185.0) +50 more potentially affected by CVE-2023-26132 via dottie (>=2.0.0 <=2.0.3)
dottie NPM version =2.0.0, =1.1.0, =1.0.0, =1.0.0, =1.11.0, =1.10.0, =1.0.0, =1.0.0, =1.0.0, =1.27.0, =1.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.8.0 and more Source cves: CVE-2023-26132 Source advisory: SNYK:JS-DOTTIE-3332763...
Web applications and Project Loom
Introduction: Project Loom aims to bring "easy-to-use, high-throughput, lightweight concurrency" to the JRE. One feature introduced by Project Loom is virtual threads. In this blog post, we'll be exploring what virtual threads mean for web applications using some simple web applications deployed o...
PT-2025-40190
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw in the ACPI processor component related to the devm_kzalloc function. A failure in devm_kzalloc can lead to a NULL pointer dereference because clk...