169 matches found
CVE-2019-0179
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2019-4059
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583...
The vulnerability of the microprogram code of the NCR S1 dispenser controller, related to deficiencies in the memory writing mechanism’s protection, allows a intruder to execute arbitrary code or lower the version of the device’s firmware.
The vulnerability of the microprogram code of the NCR S1 dispenser controller is related to insufficient protection of the memory writing mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code or downgrade the device’s firmware to a outdated version with known...
Siemens SIMATIC STEP 7 Information Disclosure Vulnerability
Siemens SIMATIC STEP 7 TIA Portal is a suite of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages and advanced drive technology. A security vulnerability exists in Siemens SIMATIC STEP 7 TIA Portal versions prior to...
Zyxel Multy X (AC3000 Tri-Band WiFi System) Device Backdoor Vulnerability
The Zyxel Multy X AC3000 Tri-Band WiFi System device is a wireless networking kit from Hopkins ZyXEL Technologies. A security vulnerability exists in the Zyxel Multy X AC3000 Tri-Band WiFi System device, which arises from the program failing to use the correct mechanism to protect the UART.An...
AMD Ryzen, Ryzen Pro and Ryzen Mobile File Write Vulnerability
AMD Ryzen, Ryzen Pro, and Ryzen Mobile are central processing unit CPU products from AMD in the United States. A security vulnerability exists in AMD Ryzen, Ryzen Pro, and Ryzen Mobile, which arises from a program that makes it difficult to perform adequate access control on the Secure Processor...
The vulnerability in the implementation of the anti-virus and phishing protection functions for Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows attackers to carry out phishing attacks.
The vulnerability in the implementation of malware protection functions for Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to errors in the process of checking uploaded files, which are encoded using “blob:“ and “data:“. Exploiting this vulnerability allows a malicious...
Cisco AsyncOS Software Security Bypass Vulnerability
Cisco Email Security Appliances ESAs is an email security appliance from Cisco.AsyncOS Software is the operating system used in it.Advanced Malware Protection AMP is one of the Advanced Malware Protection components. Advanced Malware Protection AMP is one of the advanced malware protection...
DEBIAN-CVE-2017-7889
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIGSTRICTDEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions via an application that opens the...
The vulnerability of the Internet Explorer browser allows a perpetrator to obtain confidential information from the process memory.
The vulnerability of the Internet Explorer browser is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information from the process’s memory through a specially crafted web page...
The vulnerability of the Windows operating system allows a perpetrator to obtain confidential information from the process memory.
The vulnerability of the Uniscribe component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, acting remotely, to obtain confidential information from the process’s memory through a specially crafted web...
The vulnerability of the Android operating system, which allows a hacker to gain access to data
The vulnerability in Qualcomm’s components, including the camera driver and video driver, as well as the Android operating system, is related to the lack of protection for sensitive data. Exploiting this vulnerability allows a remote attacker to gain access to data at levels beyond their authoriz...
The vulnerability of the Mac OS X operating system allows a perpetrator to trigger a service failure or gain access to protected information.
The vulnerability of the Audio component of the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating locally, to gain access to protected information in the kernel memory or cause a service failure reading...
The vulnerability of the Microsoft OneNote note-taking software allows a perpetrator to obtain confidential information.
The vulnerability of the Microsoft OneNote note-taking software lies in the lack of protection for sensitive data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information through a specially created OneNote file...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the SurfaceFlinger service in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to obtain confidential information through a specially created application associated with the default...
PT-2016-2425 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.366 Adobe Flash Player versions 19.x through 22.x before 22.0.0.209 Adobe Flash Player version before 11.2.202.632 on Linux Description: The issue is related to the lack of protection for internal...
The vulnerability of the Mac OS X operating system allows a perpetrator to gain access to protected information in the kernel’s memory.
The vulnerability of the AMD subsystem of the Mac OS X operating system is related to the lack of protection for system data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to protected information in the kernel’s memory through a specially created...
CVE-2016-0791
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information or bypass security mechanisms
The vulnerability of the libstagefright library in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, acting remotely, to obtain confidential information or bypass security mechanisms...
The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, and the Cisco Secure Access Control System, a software solution for access control, allows attackers to obtain confidential information.
The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, and the Cisco Secure Access Control System, a access control software, is related to the lack of protection for sensitive data. Exploiting this vulnerability can allow an attacker, operating remotel...