The vulnerability of the decode_status_report() function in the OFono mobile communication interface, related to the issue of operations going beyond the buffer in memory, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the decode_status_report() function in the OFono mobile communication interface is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to access confidential data, compromise its integrity, and cause...
The vulnerability in implementations of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba network communication software package, related to repeated memory release, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerabilities of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba networking software package are related to repeated memory release. Exploiting these vulnerabilities can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
Vulnerability of Firefox web browsers, Firefox ESR, and Thunderbird email client, due to insufficient validation of various types of elements, allowing attackers to access confidential data
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient checking of various types of elements. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data...
CVE-2024-45412
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in resources and may lead to denial o...
Yeti Platform security vulnerability
Yeti Platform is a daily threat intelligence platform open-sourced by Yeti Platform. A security vulnerability exists in Yeti Platform versions prior to 2.1.11, which stems from a denial-of-service attack in which remote user-controlled data tags can be Unicode normalized via the compatibility for...
PT-2024-31615 · Yeti · Yeti
Name of the Vulnerable Software and Affected Versions: Yeti versions prior to 2.1.11 Description: The issue concerns a denial of service vulnerability. Remote user-controlled data tags can lead to Unicode normalization with a compatibility form NFKD. Under Windows, such normalization is costly in...
PT-2024-7376 · Unknown · Edonline Ems
Name of the Vulnerable Software and Affected Versions: EdOnline EMS affected versions not specified Description: The issue is related to the lack of protection for the SQL query structure in EdOnline EMS, which could allow a remote attacker to disclose protected information. Recommendations: At t...
PT-2024-6359 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to errors in numerical truncation in the Microsoft SQL Server system, which can allow a remote attacker to gain unauthorized access to protected informatio...
PT-2024-10162 · Qnap · Qnap Qts +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.1.9.2954 build 20241120 QNAP QTS versions prior to 5.2.2.2950 build 20241114 QNAP QuTS hero versions prior to h5.1.9.2954 build 20241120 QNAP QuTS hero versions prior to h5.2.2.2952 build 20241116 Description: An...
CVE-2024-44817
SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component...
ZZCMS security vulnerability
ZZCMS is a content management system CMS from the ZZCMS team in China. A security vulnerability exists in ZZCMS v.2023 and earlier versions. A remote attacker can exploit this vulnerability to obtain sensitive information via a specially crafted script to the pagename parameter of the admin/del.p...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to reading data beyond the memory limit, allows attackers to disclose protected information or cause service failures.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird involve memory overflow attacks. Exploiting these vulnerabilities can allow a remote attacker to disclose sensitive information or cause service failures...
ROS-20240826-23
A vulnerability in the Blender three-dimensional computer graphics software suite is related to the lack of validation for values less than 0. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of...
Roundcube Webmail security vulnerability
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail versions 1.5.7 and earlier and 1.6.x before 1.6.8, which stems from an...
PT-2024-38399 · Trimble · Trimble Sketchup Pro
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Pro affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this, where the...
Mercodia Feripro security vulnerability
Mercodia Feripro is a vacation management software from Mercodia USA. A security vulnerability exists in Mercodia Feripro 2.2.3 and earlier versions, which stems from an incorrect access control vulnerability in /admin/programm//export/statistics, which could allow a remote attacker to export an...
CVE-2024-39832
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abusing dangerous error handling, when share channels were enabled...
The vulnerability of the Apache HTTP Server’s web server core allows attackers to disclose protected information.
The vulnerability of the Apache HTTP Server’s core is related to the fact that outdated handler configurations are ignored by the “AddType” feature. Exploiting this vulnerability allows a malicious actor to disclose sensitive information remotely...
The vulnerability of the /downloadFile.php web interface of Netgear WN604 software, which allows a hacker to disclose protected information
The vulnerability of the /downloadFile.php web interface of Netgear WN604 router software lies in the insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor to disclose protected information from a remote location...
The vulnerability in the web-based client of IBM Datacap Navigator software for document collection and processing involves the use of cryptographic algorithms that contain defects, allowing attackers to decrypt confidential information.
The vulnerability of the IBM Datacap Navigator software for document collection and processing lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to decrypt confidential information remotely...