265 matches found
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Symfony vulnerabilities (USN-7272-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7272-1 advisory. Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this...
ROS-20250121-11
A vulnerability in the QTextLayout component of the cross-platform software development framework Qt is related to buffer copying without input validation. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted file SVG A...
The vulnerability of the software for managing Lenovo Accessories and Display Manager (LADM) and the software for managing and configuring Lenovo Display Control Center (LDCC) lies in errors in the authentication process, allowing a perpetrator to execute arbitrary code.
The vulnerabilities of the Lenovo Accessories and Display Manager LADM software for managing accessories and displays, as well as the Lenovo Display Control Center LDCC software for controlling and configuring displays, are related to errors in the certificate validation process. Exploiting these...
The vulnerability of the Checkmk Exchange plugin for MikroTik routers allows a hacker to execute a spoofing attack.
The vulnerability of the Checkmk Exchange plugin for MikroTik routers is related to errors in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a spoofing attack remotely...
The vulnerability of the Site Hierarchy Flows component of the Oracle Site Hub data storage and management system, a part of the Oracle E-Business Suite, allows an attacker to access, modify, add, and delete data.
The vulnerability of the Site Hierarchy Flows component of the Oracle Site Hub data storage and management system, a part of the Oracle E-Business Suite automation system for enterprise activities, is related to authentication errors. Exploiting this vulnerability could allow an attacker to gain...
The vulnerability of the Field Service Engineer Portal component of the Oracle Field Service management platform allows a malicious individual to access, modify, add, and delete data. This component is part of the Oracle E-Business Suite, which is used for automating business processes in enterprises.
The vulnerability of the Field Service Engineer Portal component of the Oracle Field Service management platform, part of the Oracle E-Business Suite, is related to authentication errors. Exploiting this vulnerability could allow an attacker to gain access to modify, add, and delete data using th...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain full control over the application.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in authentication errors that occur when operations are performed outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B, related to authentication errors, allows attackers to bypass security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to authentication errors. Exploiting these vulnerabilities can allow attackers to bypass security restrictions remotely...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to authentication errors, allows a hacker to execute continuous integration and continuous delivery processes on arbitrary branches of the program.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to authentication errors. Exploiting this vulnerability allows a malicious actor to remotely execute continuous integration and continuous delivery processes on arbitrary branches of the...
The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to perform a spoofing attack
The vulnerability of the Secure Channel component in Windows operating systems is related to errors in the certificate authentication process. Exploiting this vulnerability can allow a malicious actor to perform a spoofing attack remotely...
The vulnerability of the Blink web browser component in Google Chrome, which allows a hacker to access confidential data
The vulnerability of the Blink web browser component in Google Chrome is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data through a specially created HTML page...
The vulnerability in the user interface of the LibreOffice office software’s certificate verification process allows a perpetrator to execute arbitrary code.
The vulnerability of the user interface for verifying certificate in the LibreOffice office software package is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user allows the macro to be executed...
Vulnerability of the Server component: The Oracle MySQL Server database management system’s DDL functions allow attackers to cause service interruptions.
Vulnerability of the Server component: The DDL system for managing databases, Oracle MySQL Server, is vulnerable to authentication errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
Error: The Pool Failed to Enable External Authentication in XenServer
When attempting to enable external pool authentication in a XenServer 5.6 Feature Pack 1 pool, the operation fails with one or more of the following errors: “Error: The pool failed to enable external authentication.” “Error: Enabling Active Directory Authentication on pool '' - Could not enable...
Troubleshooting '401 - Unauthorized' or 'x509' Errors When Accessing the Veeam Kasten for Kubernetes Dashboard
Challenge When attempting to access the Veeam Kasten for Kubernetes dashboard the following error occurs despite using the cacertconfigmap.name helm value: 401 - Unauthorized This issue may also manifest as errors related to x509 in the gateway pod or auth-svc pod logs: x509: certificate signed b...
The vulnerability of the MileSight DeviceHub deployment platform, related to authentication errors, allows a violator to execute arbitrary code.
The vulnerability of the MileSight DeviceHub deployment platform is related to authentication errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the SMTPS protocol implementation in the JetBrains YouTrack project management and task management software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the SMTPS protocol implemented by the JetBrains YouTrack software for managing projects and tasks is related to errors in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector arises from errors in the authentication process. These errors allow attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protecte...
The vulnerability of the api_pluginhook() function in the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the apipluginhook function in the lib/plugin.php file of the Cacti network monitoring software is related to authentication errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Airflow FTP Provider network software is related to errors in the authentication process, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Airflow FTP Provider network software is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...