CVE-2022-34866
Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...
Cybozu Office Cross-Site Scripting Vulnerability
Cybozu Office is a web-based, cross-platform collaborative office solution from Cybozu. Cybozu Office suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code...
CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise...
Arbitrary transfers following approvals can lead to loss of funds/NFTs
Lines of code Vulnerability details Impact These three transfer functions allow an attacker to supply an arbitrary from and to to transfer ERC20s, ERC721s, and ERC1155s. The moment that a user sets approval for the contract to spend their tokens, an attacker can front-run the next call and steal...
The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Client Server Run-Time Subsystem CSRSS in the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jul 2022)
This host is missing a critical security update according to Microsoft Office Click-to-Run update...
CVE-2022-22049
CVE-2022-22049 is a Windows CSRSS (Client Server Run-time Subsystem) Elevation of Privilege vulnerability. The entry lists a CVSS v2 base score of 7.2 (HIGH) and CVSS v3.1 base score of 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, and privileges required as LOW; no user interactio...
CVE-2022-22049 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
...
CVE-2022-22026
CVE-2022-22026 is a Windows CSRSS Elevation of Privilege vulnerability. The connected document confirms it as one of the CSRSS issues fixed during the July 2022 Patch Tuesday cycle, noting that two other CSRSS flaws (CVE-2022-22047 and CVE-2022-22049) were also fixed. The exact affected product s...
PT-2022-3590 · Microsoft · Windows Client Server Run-Time Subsystem +1
Name of the Vulnerable Software and Affected Versions: Windows Client Server Run-time Subsystem CSRSS affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Windows Client Server Run-time Subsystem CSRSS. It allows an attacker to gain...
PT-2022-3591 · Microsoft · Windows Client Server Run-Time Subsystem +1
Name of the Vulnerable Software and Affected Versions: Windows Client Server Run-time Subsystem CSRSS affected versions not specified Description: The issue is related to insufficient access restrictions in the Client Server Run-time Subsystem CSRSS of the Windows operating system. It allows an...
July 5, 2022, update for Office 2016 (KB5002192)
July 5, 2022, update for Office 2016 KB5002192 This article describes update 5002192 for Microsoft Office 2016 that was released on July 5, 2022. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to Offi...
Security fix for the ALT Linux 10 package MySQL version 8.0.29-alt1
8.0.29-alt1 built July 5, 2022 Nikolai Kostrigin in task 302902 --- June 30, 2022 Nikolai Kostrigin - new version + fixes: CVE-2021-22570, CVE-2022-0778, CVE-2022-21454, CVE-2022-21457 + fixes: CVE-2022-21425, CVE-2022-21440, CVE-2022-21459, CVE-2022-21478 + fixes: CVE-2022-21479, CVE-2022-21418,...
The vulnerability of Splunk Enterprise’s deployment servers allows an attacker to compromise the Universal Forwarder and execute arbitrary code.
The vulnerability of the Splunk Enterprise platform’s deployment servers is related to lack of access control. Exploiting this vulnerability allows a malicious actor to compromise the Universal Forwarder and execute arbitrary code...
Attacker may front-run acceptCounterOffer() cause users to take both original order and new one
Lines of code Vulnerability details Impact Function PuttyV2.acceptCounterOffer is used in case users see better deal and want to cancel their own order before filling the new one. But attacker can abuse this function by front-run calling fillOrder before it is cancelled in acceptCounterOffer...
Red Hat openshift node-utils Security Vulnerability
Red Hat openshift node-utils is a cloud application Platform-as-a-Service PaaS package from Red Hat, Inc. A security vulnerability exists in Red Hat openshift node-utils, which originates when watchman creates /var/run/watchman.pid and /var/log/watchman.ouput with global writable privileges...
User fund lose in addLiquidity() of LiquidityReserve by increasing (totalLockedValue / totalSupply()) to very large number by attacker
Lines of code Vulnerability details Impact Function addLiquidity is supposed to add liquidity for the staking token and receive lrToken in exchange. To calculate the amount of lrToken, the code uses this calculation: amountToMint = amount lrFoxSupply / totalLockedValue but it's possible for attacker to...
CVE-2022-34176
Jenkins JUnit Plugin 1119.vaa5e9068dad7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Run/Update permission...