240 matches found
CVE-2023-21453
Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data...
CVE-2020-0372
In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID:...
The vulnerability of the ZimbraSyncService service in the corporate email management system, Zimbra Collaboration Suite, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ZimbraSyncService service in the Zimbra Collaboration Suite enterprise email management system exists due to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access t...
The vulnerability of the HeaderHandler component in the Java framework of Apache Camel allows an attacker to compromise the integrity and accessibility of the protected information.
The vulnerability of the Header Handler component in the Java framework Apache Camel is related to the lack of measures taken to neutralize internal special elements. Exploiting this vulnerability allows a remote attacker to compromise the integrity and accessibility of the protected information...
Apple macOS Security Vulnerability
Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia versions prior to 15.4, which stems from an insufficient check and could result in access to protected user data...
The vulnerability of the FileProvider framework in operating systems such as macOS, iOS, iPadOS, and visionOS allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the FileProvider framework in operating systems such as macOS, iOS, iPadOS, and visionOS is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, are related to the possibility of exploiting memory after it is freed. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, is related to the possibility of using memory after it is freed. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of...
The vulnerability of JavaScript script handlers in Google Chrome browsers allows attackers to partially compromise the accessibility of protected information.
The vulnerability of JavaScript script handlers in Google Chrome browsers relates to reading beyond the buffer boundary. Exploiting this vulnerability allows a malicious actor to partially compromise the accessibility of protected information through a specially crafted HTML page...
The vulnerability of the Paragraphs module in the Drupal CMS system, related to deficiencies in access control, allows attackers to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the Paragraphs module in the Drupal CMS system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass security restrictions and gain unauthorized access to protected information...
PT-2025-1442 · IBM · IBM Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.0 through 2.3.3.7 iFix1. Description: The issue is related to deficiencies in the error reporting mechanism of IBM Cloud Pak System, which could allow a remote attacker to gain unauthorized access to protect...
The vulnerability of the Agile Integration Services component of the Oracle Agile PLM Framework’s product lifecycle management software allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Agile Integration Services component of the Oracle Agile PLM Framework’s product lifecycle management software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and...
Vulnerability of automation tools for business processes in SAP Business Workflow and SAP Flexible Workflow systems: The ability to bypass authentication by using a user-controlled key allows unauthorized users to gain unauthorized access to protected information.
Vulnerability of tools for automating business processes in SAP: SAP Business Workflow and SAP Flexible Workflow involve bypassing authentication by using a user-controlled key. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected...
The vulnerability of the Wiki History Diff component of the Git-based software platform for collaborative code development on GitLab allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Wiki History Diff component in the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access t...
The vulnerability of the REST Views module in the Drupal CMS system, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the REST Views module in the Drupal CMS system is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...
The vulnerability of the remote management interface of the Veeam Backup & Replication software for cloud, virtual, and physical systems allows a perpetrator to disclose protected information.
The vulnerability of the remote management interface of the Veeam Backup & Replication software for cloud, virtual, and physical systems is related to insufficient protection of registration data. Exploiting these vulnerabilities could allow a malicious actor to disclose the protected information...
PT-2024-9389 · Microsoft · SharePoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint, affected versions not specified. Description: The issue is related to incorrect restriction of XML external entities in Microsoft SharePoint, which can be exploited by a remote attacker to gain unauthorized access to...
The vulnerability of the graphical tool for creating and supporting artificial intelligence in Microsoft Copilot Studio, related to the disclosure of information, allows unauthorized access to protected information.
The vulnerability of Microsoft Copilot Studio’s graphical tool for creating and supporting artificial intelligence is related to information disclosure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the SMTP Server Credential Handler component in HP DesignJet printers allows a hacker to gain unauthorized access to protected information.
The vulnerability of the SMTP Server Credential Handler component in HP DesignJet printers is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source and Adobe Commerce stems from lack of access control mechanisms. This allows attackers to bypass security measures and gain unauthorized access to protected information.
The vulnerability of software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to lack of access control. Exploiting this vulnerability can allow a malicious actor to bypass security measures and gain unauthorized access to protected informatio...