Siemens SiPass Integrated和Siveillance Identity 安全漏洞

SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, the affected application does not adequately restrict access to the internal active synopsis database. A remote attacker could exploit the vulnerability to read, modify, or delete, among other...

CVE-2021-24501

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site...

PT-2021-7535 · Samsung +1 · Samsung Mobile Devices +1

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices affected versions not specified Description: The issue is related to the use of memory after it has been freed when handling file descriptors in the Display and Enhancement Controller DECON driver of the Display...

CVE-2021-1269

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software, which allows a perpetrator to gain unauthorized access to protected information, enabling read, modify, or delete operations on data.

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software lies in the absence of a authentication mechanism for accessing the database. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected informatio...

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

The vulnerability of the Estimate and Actual Charges component of the Oracle Depot Repair application allows a malicious user to gain read, modify, add, or delete access to data.

The vulnerability of the Estimate and Actual Charges component of the Oracle Depot Repair application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain read, modify, add, or delete access to data using the HTTP protoco...

CVE-2020-2787

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

CVE-2019-2901

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

CVE-2008-1569

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket...