The vulnerability of the BMC (Baseboard Management Controller) in NVIDIA’s DGX A100 server allows a intruder to gain unauthorized access to protected information.

The vulnerability of the BMC Baseboard Management Controller in NVIDIA’s DGX A100 server lies in the lack of measures taken to neutralize specific elements in the LDAP request. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

The vulnerability of the HTTP-based microprogramming software service of D-Link G416 allows a hacker to gain unauthorized access to protected information.

The vulnerability of the HTTP-based microprogramming software for D-Link G416 routers lies in the insufficient handling of exceptional states. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using specially created data...

The vulnerability of the Message Queuing Client (MSMQC) on Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Message Queuing Client MSMQC on Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

CVE-2023-38612

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data...

The vulnerability of the catalog-import function of the online software development platform Red Hat Developer Hub allows a hacker to disclose protected information.

The vulnerability of the catalog-import function on the online software development platform Red Hat Developer Hub is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...

PT-2024-1032 · Microsoft · Message Queuing +1

Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing versions affected versions not specified Description: The issue is related to insufficient protection of service data in the Message Queuing component of Windows operating systems. It allows a remote attacker to gain...

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML references to external objects. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

The vulnerability of the Accounts component in operating systems macOS, iOS, iPadOS, and watchOS allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Accounts component in operating systems such as macOS, iOS, iPadOS, and watchOS is related to insufficient protection for registration data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of Hitachi Vantara NAS network storage systems, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to protected information.

The vulnerability of Hitachi Vantara NAS network storage systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Edge Panel component of the VMware Workspace ONE Launcher’s application launcher allows a malicious individual to escalate their privileges and gain access to protected information.

The vulnerability of the Edge Panel component of the VMware Workspace ONE Launcher software lies in the lack of protection for sensitive data. Exploiting this vulnerability can allow attackers to enhance their privileges and gain access to protected information...

The vulnerability of the Scheduled Backups function in the Nagios XI monitoring tool allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Scheduled Backups function in the Nagios XI monitoring tool is related to synchronization errors when using a shared resource during port scanning. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVE-2023-42932

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data...

PT-2023-7907 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.2 macOS Ventura versions prior to 13.6.3 macOS Monterey versions prior to 12.7.2 Description: A logic issue was addressed with improved checks, which may allow an app to access protected user data. The issue is...

The vulnerability of the Jenkins JIRA plugin, related to deficiencies in access control, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Jenkins JIRA plugin is related to deficiencies in access control, resulting from incorrect context determination for searching user credentials. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

The vulnerability of Adobe Audition’s audio editor, related to reading data beyond the buffer in memory, allows a hacker to gain unauthorized access to protected information.

The vulnerability of Adobe Audition is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created malicious file...

The vulnerability of Firefox’s Reader Mode in the iOS browser allows a hacker to gain unauthorized access to protected information and perform cross-site scripting attacks.

The vulnerability of Firefox’s Reader Mode for iOS relates to the lack of measures taken to eliminate HTML tags. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information and perform cross-site scripting attacks...

The vulnerability of the JumpServer security audit system arises from incorrect restrictions on the path to the restricted access catalog. This allows attackers to gain unauthorized access to protected information and modify the contents of arbitrary files within the system.

The vulnerability of the JumpServer security audit system relates to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information and modify the contents of arbitrary...

The vulnerability of the chromedriver software for automated testing of web applications stems from the lack of measures taken to neutralize special elements used in the operating system command line. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the chromedriver software for automated testing of web applications exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protecte...

The vulnerability of the Windows operating system’s kernel allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Windows operating system’s kernel is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

PT-2023-8830 · WordPress · Podlove Web Player

Name of the Vulnerable Software and Affected Versions: Podlove Web Player versions through 5.7.3 Description: The issue is related to insufficient authorization procedures in the Podlove Web Player plugin for WordPress, allowing a remote attacker to impact the integrity and confidentiality of...