4667 matches found
Dell PowerProtect Data Domain operating system command injection vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A command execution vulnerability exists in Dell PowerProtect Data Domain that stems from a failure to properly filter construct command...
The vulnerability of the Supplier Management sub-component of the Oracle iSupplier Portal, a component of the Oracle E-Business Suite, allows a malicious individual to gain access to and read data.
The vulnerability of the Supplier Management sub-component of the Oracle iSupplier Portal, a component of the Oracle E-Business Suite enterprise automation system, is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker, operating remotely,...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS). Remote code execution User Rights Spoofing Access to system data Increased user privilege...
The vulnerability of the WindowServer component in macOS operating systems allows a perpetrator to gain unauthorized access to the microphone.
The vulnerability of the WindowServer component in macOS operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the microphone...
PT-2023-8820 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.4.0
Description: The issue is related to insufficient protection of registration data in Apache Linkis, which may allow a remote attacker to gain unauthorized access to protected information. Specifically, when using...
CVE-2023-36004
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability...
Spoofing
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability...
CVE-2023-36004 Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
...
Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability
...
CVE-2023-42932
The CVE-2023-42932 entry describes a logic issue that could allow an app to access protected user data. Affected platforms include macOS Monterey 12.7.2, macOS Ventura 13.6.3, and macOS Sonoma 14.2, with patches released in those macOS updates. The root cause is characterized as a logic/validatio...
Microsoft Windows DPAPI Security Vulnerability
Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI (Data Protection Application Programming Interface). An attacker could exploit this vulnerability to perform spoofing attacks...
PT-2023-7680 · Microsoft · Windows Dhcp Server Service +1
Name of the Vulnerable Software and Affected Versions: Windows DHCP Server Service (affected versions not specified)
Description: The vulnerability is related to insufficient protection of service data in the Windows DHCP Server Service, which can be exploited by a remote attacker to gain...
PT-2023-7776 · Microsoft · Windows Dpapi +1
Name of the Vulnerable Software and Affected Versions: Windows DPAPI (affected versions not specified)
Description: The issue is related to errors in the representation of information by the user interface in the Windows DPAPI component. This can allow a remote attacker to conduct spoofing attacks...
PT-2023-8109 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified)
Description: The issue is related to a lack of protection for service data in the Windows operating system's DHCP server service. This can be exploited by a remote attacker to disclose protected...
The vulnerability of the “per-user-override” function in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firmware allows a perpetrator to bypass the configured access control list.
The vulnerability of the “per-user-override” function in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firmware relates to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor to bypass the configured...
The vulnerability of the BoltWire content management system, related to insufficient protection of operational data, allows a hacker to gain access to confidential information.
The vulnerability of the BoltWire content management system is related to insufficient protection for operational data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...
The vulnerability of the Joomla! content management system lies in the lack of protection for administrative data, allowing attackers to access confidential information.
The vulnerability of the Joomla! content management system is related to the lack of protection for administrative data. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
GHSA-W4X6-HH3X-WJRX Stale copy of the public suffix list
We have identified that this project contains an out-of-date version of the Public Suffix List (https://publicsuffix.org/). We are carrying out research to identify the potential impacts of using old versions of the Public Suffix List, and we intend to publish our results in academic conferences an...