1367 matches found
A vulnerability in cURL, a software tool for interacting with servers, is caused by the use of memory after it has been freed and allows an attacker to gain access to confidential data.
A vulnerability in cURL, a software tool for interacting with servers, is related to the use of memory after it has been freed. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
A vulnerability in the ReadXPMImage function of the coders/xpm.c component of the ImageMagick command-line image editor allows an attacker to access confidential data, compromise its integrity, and cause a denial of service.
A vulnerability in the ReadXPMImage function of the coders/xpm.c component of the ImageMagick command-line image editor is related to an operation going outside the bounds of a memory buffer. Exploiting this vulnerability allows a remote attacker to gain access to confidential data,...
A vulnerability in the `saveBinaryCLProgram` function of the `magick/opencl.c` component of the ImageMagick command-line image editor allows an attacker to access confidential data, compromise its integrity, and cause a denial of service.
A vulnerability in the saveBinaryCLProgram function of the magick/opencl.c component of the ImageMagick command-line image editor is related to a NULL pointer dereference. Exploiting this vulnerability enables a remote attacker to gain access to confidential data, compromise its...
CVE-2021-28993
Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information remote...
A vulnerability in Huawei router firmware arises from insufficient validation of input data, allowing attackers to disclose protected information.
A vulnerability in Huawei router firmware exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to disclose protected information...
CVE-2021-34812
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2021-28815
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link...
A vulnerability in the Cortado ThinPrint (TTC Parser) component of the VMware Workstation hypervisor and the VMware Horizon Client for Windows virtualization client allows an attacker to disclose protected information.
A vulnerability in the TTC Parser of the Cortado ThinPrint component, which is present in the VMware Workstation hypervisor and the VMware Horizon Client for Windows virtualization client, is related to reading data beyond the bounds of a buffer. Exploiting this vulnerability allows a malicious acto...
Palo Alto Networks Prisma Cloud Log Information Disclosure Vulnerability
Palo Alto Networks Prisma Cloud is a comprehensive cloud-native security platform from US-based Palo Alto Networks, Inc. that provides cloud security services. Palo Alto Networks Prisma Cloud Compute suffers from a log information disclosure vulnerability that originates when a secret used to authoriz...
Bosch IP cameras Access Control Error Vulnerability
Bosch IP cameras are network cameras from the German company Bosch. A security vulnerability in Bosch IP cameras, which stems from a lack of authentication in a critical function of the cameras, allows an unauthenticated remote attacker to extract sensitive information or change camera settings by sending a crafte...
Mozilla Firefox Data Forgery Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a data forgery issue that stems from address bar search suggestions in private browsing mode reusing session data from normal mode, which can be exploited by remote attackers to...
Apple macOS Buffer Error Vulnerability
Apple macOS is a suite of specialized operating systems developed by Apple Inc. for Mac computers. Apple macOS suffers from a buffer error vulnerability that stems from a boundary condition in the model IO subsystem. A remote attacker could exploit the vulnerability to access potentially sensitiv...
A vulnerability in the Analytics Actions component of the Oracle Business Intelligence Enterprise Edition software is caused by insufficient validation of input data. This allows attackers to modify, add, or delete data.
A vulnerability in the Analytics Actions component of the Oracle Business Intelligence Enterprise Edition software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to modify, add, or delete da...
A vulnerability in the Core server component of Oracle WebLogic Server allows an attacker to modify data or cause partial service disruption.
A vulnerability in the Core server component of Oracle WebLogic Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to gain access to data through HTTP requests...
A vulnerability in the Shopping Cart component of Oracle Knowledge Management within the Oracle E-Business Suite allows an attacker to access, modify, add, or delete data, as well as gain unauthorized access to protected information.
A vulnerability in the Shopping Cart component of Oracle Knowledge Management within the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to modify, add, or delete data, as well as gain...
Vulnerabilities fixed in Xerox WorkCentre
Vulnerabilities have been fixed in Xerox WorkCentre. The vulnerabilities allow a remote attacker to access sensitive data and cause a denial of service. Xerox has released updates to fix the vulnerabilities. More information can be found on the page below:...
Hotels_Server Cross-Site Scripting Vulnerability
HotelsServer is a backend management system for hotel reservation systems. A cross-site scripting vulnerability exists in HotelsServer version 1.0. The vulnerability originates from a program that allows remote attackers to inject data fields in the component "/controller/publishHotel.php" to...
MOXA NPort IA5150A Series Security Vulnerability
Moxa NPort IA5150A Series is a set of industrial control device servers. The Moxa NPort IA5150A Series is vulnerable to a credential plaintext storage vulnerability, which can be exploited by remote attackers to submit ad hoc requests that can obtain sensitive information...
DEBIAN-CVE-2021-21211
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-2239
Vulnerability in the Oracle Time and Labor product of Oracle E-Business Suite component: Timecard. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Time and...