
1367 matches found

CNNVD
added 2021/03/02 12:00 a.m. | 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google (USA) and the Open Handset Alliance. Google Android suffers from a security vulnerability that stems from a lack of bounds checking in Parseins in easmdls.c, which may write out of bounds. This could lead to the disclosure of...

CVSS 7.8 | AI score 7.6 | EPSS 0.00015
Exploits: 0 | References: 3

CNNVD
added 2021/03/02 12:00 a.m. | 3 views

Google Android Buffer Error Vulnerability

Google Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA). Google Android 11 suffers from an information disclosure vulnerability. The vulnerability stems from a heap buffer overflow in getNbits of pvmp3getbits.cpp. An attacker can exploit the...

CVSS 6.5 | AI score 6.2 | EPSS 0.0041
Exploits: 0 | References: 3

Positive Technologies
added 2021/02/28 12:00 a.m. | 3 views

PT-2021-7457

Name of the Vulnerable Software and Affected Versions: underscore versions 1.3.2 through 1.12.1; underscore versions 1.13.0-0 through 1.13.0-2. Description: The issue is related to the template function in the underscore library, which is used for working with arrays in JavaScript. It is caused by...

CVSS 9 | AI score 7.9 | EPSS 0.01413
Exploits: 2 | References: 67

NCSC
added 2021/02/25 12:00 a.m. | 6 views

Vulnerabilities fixed in Ansible

Vulnerabilities have been fixed in Ansible. The vulnerabilities allow a remote malicious party to obtain sensitive data and system information. Red Hat categorizes these vulnerabilities according to the CVSSv3 method with a highest score of 5. -= Red Hat =- Red Hat has made updates...

CVSS 7.5 | AI score 9.2 | EPSS 0.00243
Exploits: 0

OSV
added 2021/02/10 5:15 p.m. | 1 view

CVE-2020-5023

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service to crash due to excess resource consumption. IBM X-Force ID: 193659...

CVSS 7.5 | AI score 7.3 | EPSS 0.00729
Exploits: 0 | References: 2

OSV
added 2021/02/09 6:15 p.m. | 1 view

CVE-2020-17436

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 | AI score 5.2 | EPSS 0.00259
Exploits: 0 | References: 2

BDU FSTEC
added 2021/02/09 12:00 a.m. | 1 view

The vulnerability of the APIs of the Oracle Installed Base information storage center component of the Oracle E-Business Suite, which exists due to insufficient verification of input data, allows a perpetrator to modify the data.

The vulnerability of the APIs of the Oracle Installed Base information storage center component in the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to modify, add, or...

CVSS 4.7 | AI score 6.4 | EPSS 0.00656
Exploits: 0 | References: 4 | Affected Software: 1

ATTACKERKB
added 2021/02/09 12:00 a.m. | 1 view

CVE-2020-5023

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data which could cause the service to crash due to excess resource consumption. IBM X-Force ID: 193659...

CVSS 7.5 | AI score 7.6 | EPSS 0.00729
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/02/09 12:00 a.m. | 1 view

The vulnerability of the vAnalytics function in the programmatically defined Cisco SD-WAN network allows an attacker to compromise data integrity.

The vulnerability of the vAnalytics function in the programmatically defined Cisco SD-WAN network is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...

CVSS 5.3 | AI score 7.5 | EPSS 0.01094
Exploits: 0 | References: 2 | Affected Software: 1

NCSC
added 2021/02/03 12:00 a.m. | 3 views

Vulnerabilities fixed in Red Hat AMQ

Vulnerabilities have been fixed in Red Hat AMQ. The vulnerability with reference CVE-2020-27216 allows a local malicious person to obtain elevated privileges. The vulnerability with attribute CVE-2020-27218 allows a remote malicious person to gain access to system data. Red Hat has released...

CVSS 7 | AI score 8.4 | EPSS 0.00599
Exploits: 1

BDU FSTEC
added 2021/02/02 12:00 a.m. | 1 view

The vulnerability of component E1 in the IOT Orchestrator Security application of JD Edwards EnterpriseOne allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of component E1 in the JD Edwards EnterpriseOne Orchestrator Security application relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVSS 5.8 | AI score 6.8 | EPSS 0.00568
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/02/02 12:00 a.m. | 3 views

The vulnerability of the Letters component of the Oracle Argus Safety platform allows an intruder to gain unauthorized access to protected information.

The vulnerability of the Letters component of the Oracle Argus Safety platform is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CVSS 5 | AI score 6.6 | EPSS 0.00197
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/02/02 12:00 a.m. | 1 view

The vulnerability of the Tasks component of the Oracle Common Applications Calendar allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Tasks component in Oracle Common Applications Calendar is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...

CVSS 7.6 | AI score 7.3 | EPSS 0.00539
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/02/02 12:00 a.m. | 1 view

The vulnerability of the FTP protocol implementation on the StarOS operating system on Cisco ASR 5000 routers allows a hacker to gain unauthorized access to protected information.

The vulnerability of the FTP SFTP protocol implementation on the StarOS operating system of Cisco ASR 5000 routers is related to errors in link processing. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information from a remote location...

CVSS 6.8 | AI score 6.5 | EPSS 0.00255
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2021/02/02 12:00 a.m. | 1 view

The vulnerabilities of the Case Form and Local Affiliate Form components of the Oracle Argus Safety platform allow a perpetrator to access or modify data.

The vulnerability of the Case Form and Local Affiliate Form components of the Oracle Argus Safety platform exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to data or modify data using specially...

CVSS 6.1 | AI score 6.8 | EPSS 0.00582
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2021/01/28 12:00 a.m. | 2 views

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system allows a perpetrator to gain unauthorized access to protected information or to read, add, or delete data.

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information or to have read, add, or delet...

CVSS 8.2 | AI score 7.7 | EPSS 0.01691
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/01/20 4:15 p.m. | 3 views

CVE-2020-20949

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...

CVSS 5.9 | AI score 6.2 | EPSS 0.0059
Exploits: 0 | References: 5

OSV
added 2021/01/19 5:15 p.m. | 3 views

CVE-2020-35929

In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 1

Prion
added 2021/01/19 5:15 p.m. | 18 views

Hardcoded credentials

In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data...

CVSS 5 | AI score 9.2 | EPSS 0.00364
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/01/19 4:53 p.m. | 15 views

CVE-2020-35929

In TinyCheck before commits 9fd360d and ea53de8, the installation script of the tool contained hard-coded credentials to the backend part of the tool. This information could be used by an attacker for unauthorized access to remote data...

AI score 9.3 | EPSS 0.00364
Exploits: 0 | References: 1