923 matches found
The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in authentication procedures, which allow attackers to circumvent security restrictions and gain access to read, modify, or delete data.
The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain access to read, modify, or delete data...
CVE-2024-50633
A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain...
Imagination GPU Driver Security Vulnerability
Imagination GPU Driver is a graphics driver from Imagination. A security vulnerability exists in the Imagination GPU Driver that originates from kernel software installed and running in a guest virtual machine that may issue incorrect commands to the GPU firmware to read data outside of the memor...
This vulnerability exists in the Oracle E-Business Suite, a software solution for automating business operations, in the Shopping Cart component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. It allows attackers to gain access to read, modify, or delete data.
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, as well as the Oracle E-Business Suite system for automating business operations, is related to deficiencies in the authentication process. Exploiti...
PT-2024-10262 · Oracle · JD Edwards EnterpriseOne Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 Description: The issue is related to insufficient input validation in the Web Runtime SEC component. This easily exploitable vulnerability allows an unauthenticated attacker with networ...
CVE-2023-23354
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in...
QNAP Systems QuLog Center Cross-Site Scripting Vulnerability
QNAP Systems QuLog Center is a report field at China Weilian Technology QNAP Systems that logs events reported by the system. A cross-site scripting vulnerability exists in QNAP Systems QuLog Center versions 1.5, 1.4, and 1.3 that originates from a vulnerability that could allow a remote attacker...
The vulnerability in the Apache Superset data visualization software stems from flaws in its authentication procedures, which allow unauthorized users to gain access to read, modify, or delete data.
The vulnerability of Apache Superset’s data visualization software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to read, modify, or delete data by sending specially crafted request...
CVE-2024-47777
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...
CVE-2024-47776 GHSL-2024-260: GStreamer has an OOB-read in gst_wavparse_cue_chunk
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...
CVE-2024-47776
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch...
CVE-2024-38645
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later...
PT-2024-8865 · Unknown · Notes Station 3
Name of the Vulnerable Software and Affected Versions: Notes Station 3 versions prior to 3.9.7 Description: The issue is related to insufficient validation of incoming requests, which could allow a remote attacker to gain unauthorized access to protected information by spoofing requests on behalf...
Cisco Industrial Network Director Security Vulnerability
Cisco Industrial Network Director (IND) is an industrial automation management system from the American company Cisco. The system automates the management of industrial Ethernet infrastructure by visualizing its operation. Cisco Industrial Network Director has a security vulnerability that stems fr...
The vulnerability of the msdosfs driver in the FreeBSD operating system, related to the use of an uninitialized resource, allows a hacker to read data from deleted system files.
The vulnerability of the msdosfs driver in the FreeBSD operating system is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a hacker to read data from deleted system files...
The vulnerability of the Docker software component for managing Brocade SANnav networks allows a hacker to read or modify protected information.
The vulnerability of the Docker software for network management in Brocade SANnav relates to the improper use of standard permissions. Exploiting this vulnerability could allow an attacker to read or modify protected information...
Grand Vice info Webopac SQL Injection Vulnerability
Grand Vice info Webopac is an online public access catalog from China Xinxueying Info Grand Vice info. It is used for users to use library services through the Internet. A SQL injection vulnerability exists in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3, whic...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient protection of operational data. This allows attackers to gain access to read, modify, or delete data.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read, modify, or delete access to data...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. A security vulnerability exists in Autodesk AutoCAD, which can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Autodesk AutoCAD Security Vulnerability
Autodesk AutoCAD is a set of professional 3D drawing software from the American Autodesk Corporation. Autodesk AutoCAD suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause a crash, read sensitive data, or execute arbitrary code in the context of the...