The vulnerability of the exif_process_IFD_in_MAKERNOTE function in the EXIF interpreter for the PHP programming language allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the exifprocessIFDinMAKERNOTE function in the EXIF interpreter for the PHP programming language is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of the IBM Business Process Manager system and the IBM Business Automation Workflow software lies in access control errors, which allow attackers to gain access to protected information.

The vulnerability of the IBM Business Process Manager system and the IBM Business Automation Workflow software relates to access control errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information...

A vulnerability in the web access function of the microprogramming software used in Cisco IP Phones 7800 and Cisco IP Phones 8800 allows a perpetrator to disclose protected information.

The vulnerability in the web access function of Cisco IP Phones 7800 and Cisco IP Phones 8800 is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information by sending specially crafted requests to the vulnerable...

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 involve reading beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can...

Cellebrite UFED Trust Management Issues Vulnerability (CNVD-2020-51755)

Cellebrite UFED is a universal forensic product from Cellebrite Israel. The product is mainly used for data extraction, transmission and analysis of devices. A security vulnerability exists in Cellebrite UFED versions 5.0 through 7.5.0.845. An attacker could exploit the vulnerability to access...

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

Hardcoded credentials

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

The vulnerability of the multimedia framework Media Foundation in Microsoft Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Media Foundation multimedia framework in Microsoft Windows operating systems relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created malicious...

The vulnerability of the software key storage mechanism of Cisco Application Services Engine allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Application Services Engine software repository is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of the Admidio membership management and access control application lies in the improper neutralization of special elements used in SQL commands, allowing an attacker to gain unauthorized access to protected information.

The vulnerability of the Admidio membership management and access control application lies in the improper elimination of special elements used in SQL queries. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through...

The vulnerability of Huawei’s mobile phone microprogramming software, related to security mechanism errors, allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of Huawei’s mobile phone microprogramming software is related to security mechanism errors. Exploiting this vulnerability can allow a hacker to gain unauthorized access to protected data...

The vulnerability of the Security component of the Oracle Agile PLM application, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the Security component of Oracle Agile PLM is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the Installation component of the Oracle Configurator application allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Installation component of the Oracle Configurator relates to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of Oracle Siebel’s EAI and SWSE platform’s UI framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Oracle Siebel UI Framework components is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

The vulnerability of the Self-Service component of the Oracle PeopleSoft Enterprise CS Campus Community application allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Self-Service component of the Oracle PeopleSoft Enterprise CS Campus Community application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Absence Management component of the Oracle PeopleSoft Enterprise HCM application allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Absence Management component of the Oracle PeopleSoft Enterprise HCM application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP...

The vulnerability of the JSE component of the Oracle Java SE software platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the JSE software platform from Oracle is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTPS protocol...

The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using...

The vulnerability of the C API component of the MySQL Database Management System client, which allows a hacker to gain unauthorized access to protected information.

The vulnerability of the C API component of the MySQL Database Management System client relates to the lack of protection for operational data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information using the MySQL network...

The vulnerability of the Web Container component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Container server component of Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...