1963 matches found

BDU FSTEC
added 2024/12/19 12:0 a.m. · 3 views

The vulnerability of the software for controlling the Geovision GV-ASManager system lies in the absence of an authentication procedure, which allows an intruder to disclose the protected information.

The vulnerability of the software for controlling the Geovision GV-ASManager access control system is related to the absence of an authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

6.8 CVSS · 6.5 AI score · 0.00573 EPSS
Exploits 0 · References 4 · Affected Software 1

BDU FSTEC
added 2024/12/18 12:0 a.m. · 2 views

The vulnerability of the MQTT broker in the Ruijie Reyee OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the MQTT broker in the Ruijie Reyee OS operating system is related to the lack of measures taken to neutralize substitution or matching symbols. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS · 5.5 AI score · 0.00379 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/12/16 12:0 a.m. · 2 views

The vulnerability of the remote management interface of the Veeam Backup & Replication software for cloud, virtual, and physical systems allows a perpetrator to disclose protected information.

The vulnerability of the remote management interface of the Veeam Backup & Replication software for cloud, virtual, and physical systems is related to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

7.7 CVSS · 7.2 AI score · 0.00407 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/12/16 12:0 a.m. · 4 views

The vulnerability of the I-O Data Device UD-LT1 and UD-LT1/EX router firmware lies in the improper assignment of permissions for critical resources, allowing a perpetrator to gain unauthorized access to protected information.

The vulnerability of the I-O Data Device UD-LT1 and UD-LT1/EX router firmware is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

6.8 CVSS · 7.1 AI score · 0.00473 EPSS
Exploits 0 · References 3 · Affected Software 2

BDU FSTEC
added 2024/12/12 12:0 a.m. · 2 views

The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

4.6 CVSS · 5.7 AI score · 0.0097 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2024/12/12 12:0 a.m. · 1 views

The vulnerability of the Webservice API Endpoint component of the SAP Commerce Cloud platform allows a hacker to disclose protected information.

The vulnerability of the Webservice API Endpoint component of the SAP Commerce Cloud platform is related to the transmission of data in cleartext. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

4 CVSS · 5.4 AI score · 0.00192 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2024/12/11 12:0 a.m. · 1 views

The vulnerability of the Now Platform IT infrastructure management system, related to the failure to take measures to neutralize specific elements of web pages, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Now Platform IT infrastructure management system is related to the failure to take measures to neutralize specific elements of web pages. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS · 5.5 AI score · 0.00509 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/12/10 12:0 a.m. · 2 views

PT-2024-9389 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint (affected versions not specified). Description: The issue is related to incorrect restriction of XML external entities in Microsoft SharePoint, which can be exploited by a remote attacker to gain unauthorized access to...

7.8 CVSS · 6.9 AI score · 0.02545 EPSS
Exploits 0 · References 8

BDU FSTEC
added 2024/12/06 12:0 a.m. · 2 views

The vulnerability of NextCloud Mail’s email client, related to improper access control, allows attackers to disclose protected information.

The vulnerability of NextCloud Mail’s email client stems from insufficient access control. Exploiting this vulnerability allows a malicious actor to disclose protected information from a remote location...

4 CVSS · 5.5 AI score · 0.00502 EPSS
Exploits 0 · References 5 · Affected Software 2

BDU FSTEC
added 2024/12/06 12:0 a.m. · 2 views

The vulnerability of NextCloud Mail’s email client allows unauthorized individuals to disclose confidential information, enabling attackers to expose protected data.

The vulnerability of NextCloud Mail’s email client stems from improper automatic configuration. Exploiting this vulnerability allows a malicious actor to disclose protected information remotely...

8.2 CVSS · 5.4 AI score · 0.00698 EPSS
Exploits 0 · References 5 · Affected Software 2

BDU FSTEC
added 2024/12/06 12:0 a.m. · 3 views

The vulnerability of the JetBrains YouTrack project and task management software is related to the absence of an authentication process and allows unauthorized access to protected information.

The vulnerability of the JetBrains YouTrack project and task management software lies in the absence of an authentication process when processing query parameters. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

3.1 CVSS · 5.5 AI score · 0.0035 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/12/05 12:0 a.m. · 2 views

The vulnerability of SailPoint IdentityIQ, a comprehensive solution for managing user identification, access rights, and compliance, lies in improper handling of file names. This allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of SailPoint IdentityIQ, a comprehensive solution for managing user identification, access rights, and compliance, is related to incorrect handling of file names. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibili...

10 CVSS · 8.1 AI score · 0.00936 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/12/03 12:0 a.m. · 3 views

The vulnerability of the macsec_free_netdev() function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the macsec_free_netdev() function in the drivers/net/macsec.c module of the Linux kernel is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the...

7.8 CVSS · 6.8 AI score · 0.0022 EPSS
Exploits 0 · References 15 · Affected Software 5

BDU FSTEC
added 2024/12/03 12:0 a.m. · 1 views

The vulnerability of the OMRON CX-Motion Pro controller management program lies in the improper restriction of references to external XML entities (XXE). This allows attackers to access protected information.

The vulnerability of the OMRON CX-Motion Pro controller management program is related to an improper restriction on references to external XML entities (XXE). Exploiting this vulnerability may allow a perpetrator to access protected information through a specially crafted project file...

5.5 CVSS · 5.9 AI score · 0.00211 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/12/02 12:0 a.m. · 2 views

The vulnerability of the static enum_func_status php_mysqlnd_rset_field_read() function in the PHP programming language allows a hacker to gain unauthorized access to protected information.

The vulnerability of the static enum_func_status php_mysqlnd_rset_field_read() function in the PHP programming language is related to insufficient protection of private data due to the operation being performed outside the buffer in memory. Exploiting this vulnerability could allow an attacker, operating...

5.8 CVSS · 6.4 AI score · 0.02286 EPSS
Exploits 1 · References 12 · Affected Software 4

BDU FSTEC
added 2024/11/29 12:0 a.m. · 2 views

The vulnerability of the core_table/dynamic module in the virtual learning environment Moodle allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the core_table/dynamic module in the virtual learning environment Moodle is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

6.8 CVSS · 5.5 AI score · 0.00346 EPSS
Exploits 0 · References 6 · Affected Software 2

BDU FSTEC
added 2024/11/29 12:0 a.m. · 2 views

The vulnerability of Zyxel P-6101C router firmware, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to protected information.

The vulnerability of Zyxel P-6101C router firmware is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a specially crafted HTTP request...

7.8 CVSS · 5.5 AI score · 0.00667 EPSS
Exploits 1 · References 3

Positive Technologies
added 2024/11/27 12:0 a.m. · 2 views

PT-2024-9865 · Adobe · Connect

Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier; Adobe Connect version 12.6. Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this...

6.5 CVSS · 7.2 AI score · 0.00495 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2024/11/26 12:0 a.m. · 4 views

The vulnerability of the firmware of the Avigilon VideoIQ iCVR HD camera, related to incorrect restriction of a path name to a restricted-access directory, allows an attacker to disclose protected information.

The vulnerability of the firmware of the Avigilon VideoIQ iCVR HD camera is related to an incorrect restriction of a path name to a restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

7.8 CVSS · 5.5 AI score · 0.00511 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2024/11/26 12:0 a.m. · 3 views

The vulnerability of the Automatic ConfigProvider component of the Apache Kafka messaging broker allows a hacker to disclose protected information.

The vulnerability of the Automatic ConfigProvider component in the Apache Kafka messaging broker is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information that should be protected...

6.8 CVSS · 6.3 AI score · 0.01129 EPSS
Exploits 0 · References 6 · Affected Software 4