CVE-2022-30243

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the...

CVE-2022-30243

The CVE-2022-30243 entry relates to Honeywell Alerton Visual Logic up to 2022-05-04, where unauthenticated remote writes allow crafted programming changes stored on the controller and executed without verification. This enables a malicious user to alter or stop the controller’s program, potential...

[SECURITY] Fedora 36 Update: golang-1.18.4-1.fc36

The Go Programming Language...

Samsung telephony-common.jar information disclosure vulnerability

Samsung telephony-common.jar is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface TAPI. A local attacker with log access could exploit the vulnerability to obtain IMSI through device logs...

Hyperledger: Remote denial of service in HyperLedger Fabric

How to reproduce 1.Bring up the test network.https://hyperledger-fabric.readthedocs.io/en/latest/testnetwork.htmlbring-up-the-test-network 2.Run the PoC. bash go run poc.go -server=192.168.0.208:7051 go package main import "context" "crypto/tls" "flag" "fmt"...

[SECURITY] Fedora 36 Update: golang-github-elves-elvish-0.15.0-4.fc36

Friendly Interactive Shell and Expressive Programming Language...

[SECURITY] Fedora 36 Update: golang-1.18.3-2.fc36

The Go Programming Language...

[SECURITY] Fedora 35 Update: golang-1.16.15-3.fc35

The Go Programming Language...

Fedora: Security Advisory for golang (FEDORA-2022-ffe7dba2cb)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of the API interface of the database of Cisco Expressway Series and Cisco Telepresence VCS devices allows attackers to perform attacks by bypassing the absolute path on the vulnerable device and rewriting files in the basic operating system with root privileges.

The vulnerability of the API interface of Cisco Expressway Series and Cisco Telepresence VCS database devices is related to insufficient checking of arguments entered by users during command execution. Exploiting this vulnerability allows attackers to perform attacks remotely, bypassing the...

CVE-2022-20812

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...

PT-2022-3468 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected...

Fedora: Security Advisory for golang-github-christrenkamp-goxpath (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for golang-github-mock (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Hive ransomware gets upgrades in Rust

Hive ransomware is only about one year old, having been first observed in June 2021, but it has grown into one of the most prevalent ransomware payloads in the ransomware-as-a-service RaaS ecosystem. With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest...

php: password of excessive length triggers buffer overflow leading to RCE

A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlndwireprotocol.c. When using the pdomysql extension with mysqlnd driver, if the third party is allowed to supply a MySQL database server password in the mysqlnd driver to the host for the connection,...

[SECURITY] Fedora 36 Update: golang-github-mock-1.6.0-3.fc36

GoMock is a mocking framework for the Go programming language. It integrates well with Go's built-in testing package, but can be used in other contexts to o...

[SECURITY] Fedora 36 Update: golang-github-leveldb-0-0.9.20190701git259d925.fc36

The LevelDB key-value database in the Go programming language...

[SECURITY] Fedora 36 Update: golang-github-gobwas-ws-1.1.0-3.fc36

Tiny WebSocket library for Go...

[SECURITY] Fedora 36 Update: golang-github-christrenkamp-goxpath-0-0.6.20200627gitc5096ec.fc36

An XPath 1.0 implementation written in the Go programming language...