183 matches found
Square OkHttp can accept the wrong certificate
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
The vulnerability of the display mechanism of Blink web pages in Microsoft Edge and Google Chrome browsers allows attackers to disclose protected information.
The vulnerability of the Blink web page display mechanism in Microsoft Edge and Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
PT-2022-18952 · Bentley · Microstation Connect
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.034 Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open ...
CVE-2022-26143
The TP-240 aka tp240dvr component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service performance degradation and excessive outbound traffic. This was exploited in the wild in February...
CVE-2022-24055
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-24055
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2021-46654
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-46620
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2021-46630
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-46624
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-46623
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
CVE-2021-46593
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2021-46589
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2022-22310
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to JAX-WS applications. IBM X-Force ID: 217224...
CVE-2021-34910
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
The vulnerability in the `hw/net/tulip.c` component of the QEMU hardware emulation software involves writing beyond the buffer boundaries. This allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the hw/net/tulip.c component of the QEMU hardware emulation software involves writing beyond the buffer boundaries during copy operations for TX/RX data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, a...
The vulnerability of the Adobe Digital Editions e-book reading program, related to reading beyond the buffer limit, allows a intruder to disclose protected information.
The vulnerability of the Adobe Digital Editions e-book reading software relates to reading outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
CVE-2021-26586
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to reading data beyond the buffer in memory. This allows attackers to disclose protected information.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow attackers to disclose protected informatio...
ASB-A-187231636
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation...