Lucene search
+L

169 matches found

osv
osv
added 2019/06/13 4:29 p.m.8 views

CVE-2019-0179

Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access...

4.4CVSS5.8AI score0.00252EPSS
Exploits0References1
osv
osv
added 2019/02/15 8:29 p.m.4 views

CVE-2019-4059

IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583...

9.8CVSS7.1AI score
Exploits0References2
bdu_fstec
bdu_fstec
added 2019/01/28 12:0 a.m.7 views

The vulnerability of the microprogram code of the NCR S1 dispenser controller, related to deficiencies in the memory writing mechanism’s protection, allows a intruder to execute arbitrary code or lower the version of the device’s firmware.

The vulnerability of the microprogram code of the NCR S1 dispenser controller is related to insufficient protection of the memory writing mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code or downgrade the device’s firmware to a outdated version with known...

7.8CVSS7.7AI score0.01246EPSS
Exploits0References4Affected Software1
cnvd
cnvd
added 2018/11/16 12:0 a.m.7 views

Siemens SIMATIC STEP 7 Information Disclosure Vulnerability

Siemens SIMATIC STEP 7 TIA Portal is a suite of programming software for SIMATIC controllers from Siemens, Germany. The software provides PLC programming, design option packages and advanced drive technology. A security vulnerability exists in Siemens SIMATIC STEP 7 TIA Portal versions prior to...

5.5CVSS5.4AI score0.0024EPSS
Exploits0References1
cnvd
cnvd
added 2018/04/20 12:0 a.m.5 views

Zyxel Multy X (AC3000 Tri-Band WiFi System) Device Backdoor Vulnerability

The Zyxel Multy X AC3000 Tri-Band WiFi System device is a wireless networking kit from Hopkins ZyXEL Technologies. A security vulnerability exists in the Zyxel Multy X AC3000 Tri-Band WiFi System device, which arises from the program failing to use the correct mechanism to protect the UART.An...

7.2CVSS6.8AI score0.00474EPSS
Exploits1References1
cnvd
cnvd
added 2018/03/28 12:0 a.m.5 views

AMD Ryzen, Ryzen Pro and Ryzen Mobile File Write Vulnerability

AMD Ryzen, Ryzen Pro, and Ryzen Mobile are central processing unit CPU products from AMD in the United States. A security vulnerability exists in AMD Ryzen, Ryzen Pro, and Ryzen Mobile, which arises from a program that makes it difficult to perform adequate access control on the Secure Processor...

9.3CVSS6.8AI score0.01717EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2018/02/07 12:0 a.m.4 views

The vulnerability in the implementation of the anti-virus and phishing protection functions for Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows attackers to carry out phishing attacks.

The vulnerability in the implementation of malware protection functions for Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to errors in the process of checking uploaded files, which are encoded using “blob:“ and “data:“. Exploiting this vulnerability allows a malicious...

8.3CVSS7.7AI score0.01232EPSS
Exploits0References15Affected Software10
cnvd
cnvd
added 2017/09/08 12:0 a.m.3 views

Cisco AsyncOS Software Security Bypass Vulnerability

Cisco Email Security Appliances ESAs is an email security appliance from Cisco.AsyncOS Software is the operating system used in it.Advanced Malware Protection AMP is one of the Advanced Malware Protection components. Advanced Malware Protection AMP is one of the advanced malware protection...

5.8CVSS5.8AI score0.01638EPSS
Exploits0References1
osv
osv
added 2017/04/17 12:59 a.m.3 views

DEBIAN-CVE-2017-7889

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIGSTRICTDEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte and bypass slab-allocation access restrictions via an application that opens the...

7.8CVSS7.6AI score0.00308EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2017/04/06 12:0 a.m.11 views

The vulnerability of the Internet Explorer browser allows a perpetrator to obtain confidential information from the process memory.

The vulnerability of the Internet Explorer browser is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information from the process’s memory through a specially crafted web page...

4.3CVSS6.3AI score0.3962EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2017/03/31 12:0 a.m.12 views

The vulnerability of the Windows operating system allows a perpetrator to obtain confidential information from the process memory.

The vulnerability of the Uniscribe component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, acting remotely, to obtain confidential information from the process’s memory through a specially crafted web...

4.3CVSS5.8AI score0.42124EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2017/02/17 12:0 a.m.7 views

The vulnerability of the Android operating system, which allows a hacker to gain access to data

The vulnerability in Qualcomm’s components, including the camera driver and video driver, as well as the Android operating system, is related to the lack of protection for sensitive data. Exploiting this vulnerability allows a remote attacker to gain access to data at levels beyond their authoriz...

2.6CVSS6AI score0.00742EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2016/09/19 12:0 a.m.7 views

The vulnerability of the Mac OS X operating system allows a perpetrator to trigger a service failure or gain access to protected information.

The vulnerability of the Audio component of the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating locally, to gain access to protected information in the kernel memory or cause a service failure reading...

4.9CVSS6.6AI score0.00325EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2016/08/23 12:0 a.m.8 views

The vulnerability of the Microsoft OneNote note-taking software allows a perpetrator to obtain confidential information.

The vulnerability of the Microsoft OneNote note-taking software lies in the lack of protection for sensitive data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information through a specially created OneNote file...

4.3CVSS6.2AI score0.3015EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2016/08/23 12:0 a.m.12 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the SurfaceFlinger service in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to obtain confidential information through a specially created application associated with the default...

4.3CVSS6.2AI score0.00454EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2016/07/12 12:0 a.m.2 views

PT-2016-2425 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 18.0.0.366 Adobe Flash Player versions 19.x through 22.x before 22.0.0.209 Adobe Flash Player version before 11.2.202.632 on Linux Description: The issue is related to the lack of protection for internal...

9.3CVSS7.1AI score0.36456EPSS
Exploits26References291
bdu_fstec
bdu_fstec
added 2016/06/09 12:0 a.m.7 views

The vulnerability of the Mac OS X operating system allows a perpetrator to gain access to protected information in the kernel’s memory.

The vulnerability of the AMD subsystem of the Mac OS X operating system is related to the lack of protection for system data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to protected information in the kernel’s memory through a specially created...

4.3CVSS6.6AI score0.00834EPSS
Exploits0References3Affected Software1
osv
osv
added 2016/04/07 11:59 p.m.6 views

CVE-2016-0791

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach...

9.8CVSS9.4AI score
Exploits0References3
bdu_fstec
bdu_fstec
added 2016/03/11 12:0 a.m.5 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information or bypass security mechanisms

The vulnerability of the libstagefright library in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, acting remotely, to obtain confidential information or bypass security mechanisms...

5CVSS5.5AI score0.00643EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2016/03/11 12:0 a.m.5 views

The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, and the Cisco Secure Access Control System, a software solution for access control, allows attackers to obtain confidential information.

The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, and the Cisco Secure Access Control System, a access control software, is related to the lack of protection for sensitive data. Exploiting this vulnerability can allow an attacker, operating remotel...

4CVSS5.5AI score0.02064EPSS
Exploits0References2
Rows per page
Query Builder