1367 matches found
The vulnerability of the PrologSlurmctld and EpilogSlurmctld scripts of the SLURM resource management tool, related to privilege management errors, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the PrologSlurmctld and EpilogSlurmctld scripts in the SLURM resource management tool is related to improper handling of the environment. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failure...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficiently checking incoming requests. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient verification of incoming requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential data, compromise its...
The vulnerability of the autoindex module of the NGINX server, related to integer overflows, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the NGINX server’s autoindex module is related to incorrect processing of years with four or more digits. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
PT-2021-6545 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: The issue is related to a memory leak in the def_parent_box_new function of the MP4Box component in the GPAC multimedia platform. This leak occurs due to incorrect memory deallocation before the last reference...
PT-2021-6519 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: The issue is related to a memory leak in the infe_box_read function of the MP4Box component in the GPAC multimedia platform. This allows attackers to read memory via a crafted file, potentially giving them acce...
QSW-M2116P-2T2S Security Vulnerability
The Qnap Systems QSW-M2116P-2T2S is a 90-watt 10GbE PoE++ and 30-watt 2.5GbE PoE+ managed switch for Wi-Fi Generation 6 from Qnap Systems. A security vulnerability exists in QSW-M2116P-2T2S that could allow a remote attacker to read sensitive information by accessing an unrestricted storage...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to reading data beyond the buffer in memory. This allows attackers to disclose protected information.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow attackers to disclose protected informatio...
The vulnerability of the Adobe Digital Editions e-book reading program, related to reading beyond the buffer limit, allows an intruder to disclose protected information.
The vulnerability of the Adobe Digital Editions e-book reading software relates to reading outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
DEBIAN-CVE-2021-39152
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. ...
PT-2021-22409
Name of the Vulnerable Software and Affected Versions XStream versions prior to 1.4.18 Description XStream is a simple library to serialize objects to XML and back again. In affected versions, this issue may allow a remote attacker to request data from internal resources that are not publicly...
Prestashop SQL Injection Vulnerability
Prestashop is an open source e-commerce solution from the United States company Prestashop. The solution provides a variety of payment methods, SMS alerts, product image scaling and other features. Prestashop versions before 1.7.8 contain an SQL injection vulnerability; the vulnerability stems...
CVE-2021-20764
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files...
CVE-2021-26586
A potential security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to disclose sensitive information. HPE has made software updates available to resolve the...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to reading data beyond the buffer in memory. This allows attackers to disclose protected information.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow attackers to disclose protected informatio...
ASB-A-187231636
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2021-2393
Vulnerability in the Oracle E-Records product of Oracle E-Business Suite component: E-signatures. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle E-Records...
PT-2021-6570 · Matio +2 · Matio +2
Name of the Vulnerable Software and Affected Versions: matio versions 1.5.18 through 1.5.21 Description: The issue is related to a heap-based buffer overflow in the ReadInt32DataDouble function of the MATIO library, which can be exploited by a remote attacker to access confidential data, compromi...
The vulnerability of the Google Chrome browser’s Payment function, related to deficiencies in authentication procedures, allows attackers to compromise data integrity.
The vulnerability of the Google Chrome browser’s Payment function is related to the insufficient implementation of security policies. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...
The vulnerability of Google Chrome’s full-screen mode, related to insufficient validation of input data, allows a hacker to compromise data integrity.
The vulnerability of the full-screen mode of the Google Chrome browser is related to the insufficient implementation of security policies. Exploiting this vulnerability can allow a malicious actor to compromise data integrity remotely...
The vulnerability of the Python programming language’s pip module relates to deficiencies in pathname restrictions for directories, allowing attackers to compromise data integrity.
The vulnerability of the Python programming language’s pip module is related to shortcomings in pathname restrictions when specifying software for installation via URLs. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...