The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve an exploit that allows an attacker to bypass memory buffers, thereby enabling them to disclose protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Acrobat Reader 2020 are related to the execution of operations beyond the buffer in memory. Exploiting these vulnerabilities can allow attacke...

PT-2024-3751

Name of the Vulnerable Software and Affected Versions: Microsoft Power BI Client JavaScript SDK affected versions not specified Description: The issue is related to insufficient input validation in the Power BI client JS SDK, which can be exploited by a remote attacker to gain unauthorized access...

The vulnerability of the distributed file system (DFS) in the Windows operating system, which allows a hacker to expose protected information

The vulnerability of the distributed file system DFS in the Windows operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system...

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

The vulnerability of the Web Listener component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Listener component of the Oracle HTTP Server is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...

The vulnerability of the JavaScript script handler interface in Google Chrome and Microsoft Edge browsers allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the JavaScript script handler interface in Google Chrome and Microsoft Edge browsers is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information by openin...

The vulnerability of the Campaign LOV component of the Oracle Marketing marketing platform, a part of the Oracle E-Business Suite, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Campaign LOV component of the Oracle Marketing marketing platform, a part of the Oracle E-Business Suite, involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...

The vulnerability of the Campaign LOV component of the Oracle Marketing marketing platform, a part of the Oracle E-Business Suite, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Campaign LOV component of the Oracle Marketing marketing platform, a part of the Oracle E-Business Suite, involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected...

The vulnerability of the Remote Access Connection Manager in Windows operating systems allows a hacker to disclose protected information.

The vulnerability of the Remote Access Connection Manager in Windows operating systems relates to operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

The vulnerability of the idxd component in the Linux operating system’s kernel allows a attacker to compromise the integrity of the protected information.

The vulnerability of the idxd component in the Linux operating system’s kernel is related to the writing of pasid when a device is disabled. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information...

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability in the embedded Jetty server of the CData Arc (ArcESB) business process automation platform allows a perpetrator to gain unauthorized access to protected information and perform arbitrary actions within the system.

The vulnerability of the embedded Jetty server in the CData Arc ArcESB business process automation platform is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

PT-2024-6746 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: The issue is related to inadequate access control in GitLab, a collaborative coding platform. It allow...

The vulnerability of the WLAvalancheService component in the mobile device management system of Avalanche allows a hacker to disclose protected information.

The vulnerability of the WLAvalancheService component in the mobile device management system of Avalanche relates to memory-walking attacks. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information that is protected by the system...

The vulnerability of the Microsoft DWM Core Library on Windows operating systems allows attackers to gain unauthorized access to protected information.

The vulnerability of the Microsoft DWM Core Library on Windows operating systems relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of the microprogrammed software of the MELSEC iQ-R Series Safety CPU and Series SIL2 Process CPU modules, related to incorrect privilege assignment, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the microprogramming software for MELSEC iQ-R Series Safety CPUs and Series SIL2 Process CPUs is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information usi...

PT-2024-3358 · Netcat · Netcat

Name of the Vulnerable Software and Affected Versions: Netcat affected versions not specified Description: The issue is related to weaknesses in the authentication mechanism of the Netcat CMS system. Exploitation of this issue may allow a remote attacker to gain access to protected information...

PT-2024-2812 · Microsoft · Azure Ai Search

Name of the Vulnerable Software and Affected Versions: Azure AI Search affected versions not specified Description: The issue is related to the use of pre-installed credentials in Azure AI Search, which can be exploited to disclose protected information. Recommendations: At the moment, there is n...

PT-2024-3011 · Microsoft · Windows Remote Access Connection Manager +1

Name of the Vulnerable Software and Affected Versions: Windows Remote Access Connection Manager affected versions not specified Description: The issue is related to a buffer overflow in memory, which can allow an attacker to disclose protected information. There is no information provided about t...

The incognito mode of the Safari browser allows for vulnerabilities in iOS and iPadOS operating systems, enabling attackers to disclose protected information.

The vulnerability of the Incognito mode in the Safari browser on iOS and iPadOS operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose protected information...