481 matches found
EmpowerID Data Forgery Issue Vulnerability
EmpowerID is an all-in-one identity management and cloud security suite from EmpowerID. EmpowerID version 7.205.0.0 previously had a data forgery issue vulnerability. An attacker could exploit the vulnerability to obtain sensitive information...
Huawei HarmonyOS 数据伪造问题漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security restriction bypass vulnerability that stems from the use of insecure signatures in the osulogin module, which can be...
Class Scheduling System Data Forgery Problem Vulnerability
Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0, which stems from a lack of authentication when changing email addresses or passwords, allowing a remote attacker to take over an account...
CODESYS Development System Data Falsification Issue Vulnerability
3s-smart Software Solutions CODESYS Development System is a suite of programming tools for the field of industrial controllers and automation technology from 3s-smart Software Solutions, Germany. A data forgery vulnerability exists in CODESYS Development System versions 3.5.11.20 through 3.5.19.2...
F5 BIG-IP Edge Client Installer 数据伪造问题漏洞
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP APM elevation of privilege vulnerability, which is caused by incorrect verification of cryptographic signatures duri...
F5 BIG-IP Edge Client 数据伪造问题漏洞
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A data forgery issue vulnerability exists in the F5 BIG-IP Edge Client, which stems from the presence of insufficient data...
Certifi 数据伪造问题漏洞
Certifi is a Python SSL certificate from Certifi Open Source. Certifi versions prior to 2023.07.22 are vulnerable to a data forgery issue that stems from a security flaw in e-Tugra's root certificate...
Honeywell Products 数据伪造问题漏洞
Honeywell Products is a line of products from Honeywell, Inc. Honeywell Products is vulnerable to a data forgery issue, which arises from the possibility that the controller may be loaded with malicious firmware that could enable remote code execution...
CVE-2021-4416
The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdfadminsavepost function. This makes it possible for unauthenticated attackers to save post data via a forged request...
Tekton Pipelines 数据伪造问题漏洞
Tekton Pipelines is a cloud-native pipeline from Tekton Open Source. A data forgery issue vulnerability exists in Tekton Pipelines version 0.35.0, which stems from incorrect access rights...
Ricoh Printer Driver Packager NX 数据伪造问题漏洞
Ricoh Printer Driver Packager NX is a tool for IT managers at Ricoh Japan to customize and package printer drivers. A security vulnerability exists in Ricoh Printer Driver Packager NX versions v1.0.02 through v1.1.25, which originated when administrator privileges are required for the installatio...
Notation 数据伪造问题漏洞
Notation is a collection of libraries open-sourced by the Notary Project to support symbolic notation, validation, push and pull oci artifacts. A data forgery issue vulnerability exists in versions prior to Notation v1.0.0-rc.6, which can be exploited by an attacker to corrupt the registry and...
Django-SES 数据伪造问题漏洞
Django-SES is the Django email backend for Amazon Simple Email Service. A security vulnerability exists in Django-SES versions prior to 3.5.0 that stems from allowing users to specify arbitrary public certificates...
Snap One OvrC Pro 数据伪造问题漏洞
Snap One OvrC is a free cloud-based remote management and monitoring platform from Snap One USA. A data forgery issue vulnerability exists in Snap One OvrC Pro 7.2 and prior versions, which stems from the lack of a complete PKI system firmware signature, and can be exploited by an attacker to...
UNISOC Chipsets 数据伪造问题漏洞
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in the UNISOC Chipsets modem module, which stems from a lack of validation of the HashMME value in the Safe Mode command...
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...
AMI MegaRAC 数据伪造问题漏洞
AMI MegaRAC is a family of service processor products from AMI. Complete out-of-band or unlit remote management of computer systems independent of operating system state or location is available to troubleshoot computers and ensure service continuity. A security vulnerability exists in AMI MegaRA...
Pegasystem PEGA Platform 数据伪造问题漏洞
Pegasystem PEGA Platform is a suite of application development platforms from the US-based Pegasystem. The platform is used to develop applications such as BPM Business Process Management, case management, real-time decision making, and CRM Customer Relationship Management. A security vulnerabili...
Schneider Electric IGSS Data Server 数据伪造问题漏洞
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to send specific crafted messages to the data server T...
Schneider Electric IGSS Data Server 数据伪造问题漏洞
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to gain access to delete files in the IGSS project...