Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of objects before performing operations on them, which can be exploited by attackers to execute code in the context of the current process...
Microsoft Azure Sphere Data Forgery Issue Vulnerability
Microsoft Azure Sphere, a Microsoft appliance used to provide security in cloud environments, is vulnerable to a data forgery issue. The vulnerability stems from a network system or product that does not adequately verify the origin or authenticity of data. An attacker could use the falsified dat...
CVE-2021-1585
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and...
Foxit Reader Resource Management Error Vulnerability
Foxit Reader is a PDF document reader from Foxit, a Chinese company. A double-free remote code execution vulnerability exists in U3D file parsing in Foxit Reader. The vulnerability stems from not verifying that an object exists before performing further free operations on it. An attacke...
CVE-2020-25846
The digest generation function of NHIServiSignAdapter does not verify the source file path, which allows the SMB request to be redirected to a malicious host, resulting in the leakage of the user's credential...
PT-2020-12548 · Hyperledger · Hyperledger Indy Node
Name of the Vulnerable Software and Affected Versions: Hyperledger Indy Node versions prior to 1.12.4 Description: The issue is related to a lack of signature verification on a specific transaction, allowing an attacker to make unauthorized alterations to the ledger. A malicious DID with no...
CVE-2020-25490
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine...
A vulnerability in the ClearFuncs component of the SaltStack configuration management and remote execution system allows an attacker to gain access to confidential data.
The vulnerability in the ClearFuncs component of the SaltStack configuration management and remote execution system is related to the lack of a mechanism for verifying input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential...
UBUNTU-CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certificate validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
UBUNTU-CVE-2020-13614
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...
Business Alliance Financial Circle has a logic flaw vulnerability
Business Alliance Financial Circle (BAFC) is a cryptocurrency. A security vulnerability exists in the 'UBSexToken' function in BAFC's smart contract implementation, which stems from the fact that the function is publicly available and does not check the identity of the caller. The vulnerability can ...
NewIntelTechMedia License Issues Vulnerabilities
NewIntelTechMedia (NETM) is a cryptocurrency. A security vulnerability exists in the 'NETM' function in NETM's smart contract implementation, which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to modify the owner of the smar...
BOMBBA Authorization Issue Vulnerability
BOMBBA (BOMB) is a cryptocurrency. A security vulnerability exists in the 'quaker' function of BOMB's smart contract implementation, which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to modify the owner of the smart contrac...
CVE-2020-11539
An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level). The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any...
The vulnerability of the Google Chrome browser’s Omnibox user interface lies in the lack of a mechanism for verifying the accuracy of entered data. This allows attackers to compromise the integrity of the data.
The vulnerability of the user interface in Google Chrome’s Omnibox is related to the lack of a mechanism for verifying the entered data. Exploiting this vulnerability allows an attacker to manipulate the integrity of data by creating a malicious HTML page...
Foxit PhantomPDF Memory Error Reference Remote Code Execution Vulnerability (CNVD-2020-10628)
PhantomPDF is PDF document processing software for enterprise-level users from Foxit, a Chinese company. A memory error reference remote code execution vulnerability exists in the handling of watermarks in Foxit PhantomPDF 9.7.0.29455 and earlier versions. The vulnerability stems from a...
CVE-2020-5522
The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2019-15770
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks...
PT-2019-5248 · Bittorrent +2 · Qbittorrent +2
Name of the Vulnerable Software and Affected Versions: qBittorrent versions prior to 4.1.7 Description: The issue is related to the function Application::runExternalProgram located in app/application.cpp, which allows command injection via shell metacharacters in the torrent name parameter or...
CVE-2018-16219
A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows a remote attacker in the same network as the device to change the admin password without authentication via a POST request...