164 matches found
kernel: HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
A buffer overflow vulnerability has been found in the Linux kernel, such that when calling mcp_smbus_write, a buffer of a smaller size is used when performing memcpy, resulting in damage to confidentiality, integrity, and availability of the system...
PT-2023-2303 · Microsoft · Windows Dns Server +1
Name of the Vulnerable Software and Affected Versions: Windows DNS Server (affected versions not specified). Description: The issue is related to synchronization errors when using a shared resource in Windows DNS Server, allowing remote attackers to execute arbitrary code and affect the system...
PT-2023-2462 · Microsoft · Windows Error Reporting Service +1
Name of the Vulnerable Software and Affected Versions: Windows Error Reporting Service (affected versions not specified). Description: The issue is related to insufficient access restrictions in the Windows Error Reporting Service, which can be exploited to elevate privileges. This allows an attacke...
PT-2023-1766 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to insecure privilege management in the Windows Accounts Picture component, allowing an attacker to elevate their privileges. This can affect the system. Recommendation...
RewardThrottle.setTimekeeper: If changing the timekeeper causes the epoch to change, it will mess up the system
Lines of code. Vulnerability details. Impact: RewardThrottle.setTimekeeper allows POOL_UPDATER_ROLE to update the timekeeper when RewardThrottle is active: `function setTimekeeper(address timekeeper) external onlyRoleMalt(POOL_UPDATER_ROLE, "Must have pool updater privs") { require(timekeeper != address(0), "Not...`
SUSE CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...
PT-2023-1593 · Microsoft · Windows Common Log File System Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver (affected versions not specified). Description: The issue is caused by a buffer overflow in memory, allowing an attacker to elevate their privileges. This can affect the system, potentially enabling...
PT-2022-5732 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: The issue is related to insecure privilege management in the Windows Hyper-V hardware virtualization system, which can be exploited to elevate privileges. This could allow an attack...
Microsoft Client Server Run-time Subsystem (CSRSS) Security Vulnerability
Microsoft Client Server Run-time Subsystem is a client/server run-time subsystem from Microsoft Corporation of the United States, manifested as the csrss.exe process. It is a component of the Windows NT operating system family, appearing in Windows NT 3.1 and later systems, providing the user mod...
Kepware KEPServerEX Buffer Error Vulnerability
Kepware Kepserverex is a software application from Kepware USA that communicates with a wide range of industrial equipment. The software supports more than 150 communication protocols and supports the delivery of reliable real-time data to organizations through a single platform. A buffer error...
DEBIAN-CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In single player, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs i...
PT-2022-3212 · Microsoft · Windows Lsa +1
Name of the Vulnerable Software and Affected Versions: Windows Local Security Authority Subsystem Service (LSASS) (affected versions not specified). Description: The issue is related to insufficient access control in the Local Security Authority Subsystem Service (LSASS) of Windows operating systems. It...
PT-2022-2819 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to synchronization errors when using a shared resource in the Windows operating system. It allows a remote attacker to potentially elevate their privileges. The...
PT-2022-2896 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: The issue is related to errors in information processing within the Windows Hyper-V system, which can be exploited by a remote attacker to gain unauthorized access to protected...
JetBrains TeamCity XML External Entity Handling Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. A security vulnerability exists in JetBrains TeamCity, which stems from the...
WordPress WP_Query SQL Injection (CVE-2022-21661)
An SQL injection vulnerability exists in WordPress WP_Query. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
ERC4626 mints more shares than it should
Lines of code Vulnerability details bug in the mint function of the ERC4626 contract The mint function receives an amount of shares and an address to and mints the amount of shares to the to address. The sender must transfer an amount of token, so that the ratio will be saved - shares / totalShar...
PT-2021-6415 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified). Description: The issue is related to a buffer overflow in memory, allowing an attacker to disclose protected information. This can be exploited to obtain sensitive information and affect the...
CVE-2021-44235
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker who has high privileges and direct access to the SAP System to inject code when executing with a certain transaction class builder. This...
PT-2021-5087 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface, allowing for spoofing attacks. It enables a remote attacker to affect the system...