6680 matches found
U.S. Dept Of Defense: Time-based blind SQL injection
A time-based blind SQL injection vulnerability was discovered in the sortBy parameter of the web application's SearchDocs.aspx functionality. The vulnerability was identified by observing differences in the server's response time when specific payloads were used. This type of vulnerability could...
CVE-2024-7826
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrURL.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7825
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7826
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrURL.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7824
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7824 Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7824 Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7825 Type confusion that can cause the WRSA.exe service to crash and generate a crash dump
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7825 Type confusion that can cause the WRSA.exe service to crash and generate a crash dump
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
CVE-2024-7826
The connected PT-2024-38611 entry provides concrete details for Webroot SecureAnywhere - Web Shield: the vulnerability resides in wrURL.Dll modules and is an improper check for unusual or exceptional conditions. Affected are Web Shield versions prior to 2.1.2.3 across Windows, ARM, 64-bit, and 32...
CVE-2024-7826 Unhandled exception vulnerability that can cause the WRSA.exe service to crash and generate a crash dump
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrURL.Dll modules allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...
PT-2024-29302 · Veertu · Veertu Anka
Name of the Vulnerable Software and Affected Versions: Veertu Anka Build version 1.42.0 Description: A directory traversal vulnerability exists in the archive functionality of Veertu Anka. This vulnerability can be triggered by a specially crafted HTTP request, potentially leading to the disclosu...
PYSEC-2024-100
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`)
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. The login functionality contains a reflected cross-site scripting XSS vulnerability. This vulnerability is fixed in 5.19.0. Note: This CVE only affects Open Source Edition, and...
CVE-2024-47176
CUPS is a standards-based, open-source printing system, and cups-browsed contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. cups-browsed binds to INADDRANY:631, causing it to trust any packet from any source, and can cause t...
CVE-2024-7108
CVE-2024-7108 describes an Incorrect Authorization vulnerability in National Keep Cyber Security Services’ CyberMath. The issue allows accessing functionality that is not properly constrained by ACLs, affecting CyberMath versions prior to CYBM.240816253. The NVD/Red Hat and related sources corrob...
CVE-2023-52947
Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logo...
CVE-2023-52948
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors...
CVE-2022-49038
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors...
CVE-2022-49038
The CVE-2022-49038 vulnerability affects Synology Drive Client, where the OpenSSL DLL component allegedly contains functionality from an untrusted control sphere that enables local users to execute arbitrary code via unspecified vectors. Affected software: Synology Drive Client versions prior to ...