
5177 matches found

OSV
added 2022/04/21 9:18 p.m., 2 views

CLSA-2022-1650575892 Update of php 5.3: Remove mariadb102 patch to eliminate faulty functionality

Remove mariadb102 patch to eliminate faulty functionality...

AI score: 5.8
Exploits: 0, References: 1
BDU FSTEC
added 2022/04/20 12:0 a.m., 0 views

The vulnerability of the php_wddx_process_data function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the php_wddx_process_data function in ext/wddx/wddx.c in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures by using an invalid ISO 8601 time value...

CVSS: 10, EPSS: 0.01858
Exploits: 1, References: 11, Affected Software: 3
The Hacker News
added 2022/04/16 8:0 a.m., 27 views

Get Lifetime Access to This 60-Hour Java Programming Training Bundle @ 97% Discount

Java is a very versatile programming language. From Android apps to Oracle databases, it can be used to power a wide range of software and systems. As with most technical skills, the best way to learn Java is through building your own projects. But you can definitely speed things up with...

AI score: 0.6
Exploits: 0
CNVD
added 2022/04/15 12:0 a.m., 37 views

Microsoft .NET Framework Denial of Service Vulnerability (CNVD-2022-60136)

Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a Windows Store, Windows Phone, Windows Server, and Microsoft Azure applications. The platform includes the C# and Visual Basic programming languages, a public language runtime library,...

CVSS: 7.5, AI score: 7.1, EPSS: 0.22432
Exploits: 0, References: 1
NVD
added 2022/04/13 9:15 p.m., 17 views

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

CVSS: 8.8, EPSS: 0.00167
Exploits: 0, References: 6
ATTACKERKB
added 2022/04/13 4:0 p.m., 2 views

CVE-2022-20747

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker cou...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00201
Exploits: 0, References: 2
BDU FSTEC
added 2022/04/13 12:0 a.m., 0 views

The vulnerability of implementing an isolated programming environment for PHP Smarty’s template processors allows attackers to circumvent the restrictions of an isolated programming environment.

The vulnerability of implementing an isolated programming environment for PHP Smarty’s template handlers is related to deficiencies in access control during the processing of the $smarty.template_object object. Exploiting this vulnerability allows an attacker to circumvent the restrictions of an...

CVSS: 7.8, EPSS: 0.62613
Exploits: 1, References: 7, Affected Software: 3
NCSC
added 2022/04/13 12:0 a.m., 2 views

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00261
Exploits: 0
CNNVD
added 2022/04/13 12:0 a.m., 1 views

Cisco Iox Path Traversal Vulnerability

Cisco Iox is a secure development environment from Cisco that combines Cisco IOS and Linux OS for secure network connectivity and development of IOT applications. The Cisco Iox application hosting environment suffers from a path traversal vulnerability that stems from insufficient path validation...

CVSS: 6.8, AI score: 5.5, EPSS: 0.00553
Exploits: 0, References: 5
OpenVAS
added 2022/04/11 12:0 a.m., 17 views

XWiki Privileged API Vulnerability (GHSA-ghcq-472w-vf4h)

XWiki is prone to a privileged API vulnerability. CPE = "cpe:/a:xwiki:xwiki"...

CVSS: 8.1, AI score: 7.3, EPSS: 0.00699
Exploits: 1, References: 1
The Hacker News
added 2022/04/08 4:48 p.m., 28 views

Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity

Cybersecurity researchers have uncovered further links between BlackCat (aka ALPHV) and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year. "At least some members of the new BlackCat group have links to the BlackMatter group,...

AI score: 1.5
Exploits: 0
BDU FSTEC
added 2022/04/07 12:0 a.m., 0 views

The vulnerabilities of the Go programming language’s `net.ParseIP` and `net.ParseCIDR` components allow attackers to compromise data integrity.

The vulnerability of the net.ParseIP and net.ParseCIDR components in the Go programming language is related to incorrect handling of zeros at the beginning of an IP address octal number. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

CVSS: 7.8, EPSS: 0.00254
Exploits: 1, References: 8, Affected Software: 2
CNNVD
added 2022/04/07 12:0 a.m., 2 views

aEnrich a+HRD Security Vulnerability

aEnrich a+HRD is a full-service human resources development solution from Acer China aEnrich. The aEnrich a+HRD has a security vulnerability that allows an unauthenticated, remote attacker to control the system or disrupt services by uploading and executing malicious scripts using API functions...

CVSS: 9.8, AI score: 8.3, EPSS: 0.00799
Exploits: 0, References: 2
OSV
added 2022/04/06 7:15 p.m., 1 views

CVE-2022-20755

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

CVSS: 7.2, AI score: 7.6, EPSS: 0.03268
Exploits: 0, References: 1
NVD
added 2022/04/04 8:15 p.m., 12 views

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

CVSS: 9.8, EPSS: 0.00285
Exploits: 0, References: 1
NVD
added 2022/04/04 8:15 p.m., 13 views

CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVSS: 9.8, EPSS: 0.00285
Exploits: 0, References: 1
NVD
added 2022/04/04 8:15 p.m., 11 views

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

CVSS: 7.5, EPSS: 0.0022
Exploits: 0, References: 1
Prion
added 2022/04/04 8:15 p.m., 14 views

Design/Logic Flaw

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

CVSS: 5, AI score: 7.9, EPSS: 0.0022
Exploits: 0, References: 1, Affected Software: 20
Prion
added 2022/04/04 8:15 p.m., 13 views

Authentication flaw

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

CVSS: 7.5, AI score: 9.4, EPSS: 0.00285
Exploits: 0, References: 1, Affected Software: 20
Prion
added 2022/04/04 8:15 p.m., 16 views

Authorization

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

CVSS: 7.5, AI score: 9.2, EPSS: 0.00285
Exploits: 0, References: 1, Affected Software: 20