99 matches found
CVE-2021-1270
Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this...
CVE-2021-1133
Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-22852
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter online registration to obtain database schema and data...
CVE-2020-25609
The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to view and modify user data...
Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2020-54910)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows, which can be exploite...
CVE-2020-1571
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...
CVE-2020-1554
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...
Red Hat CloudForms Access Control Error Vulnerability
Red Hat CloudForms is a hybrid infrastructure management platform from Red Hat, Inc. The platform provides deployment, management, and other capabilities across virtual machines, clouds, containers, and physical infrastructure. An access control error vulnerability exists in Red Hat CloudForms. T...
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2020-43107)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows Kernel, which aris...
Microsoft Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...
Microsoft Windows Diagnostics Hub Elevation of Privilege Vulnerability
Windows Server is the brand name of a series of server operating systems released by Microsoft, which includes all Windows operating systems released under the brand name "Windows Server". An elevation of privilege vulnerability exists in Microsoft Windows Diagnostics Hub, which arises from a...
CVE-2020-12032
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI...
Broadcom CA API Developer Portal Access Control Error Vulnerability (CNVD-2020-25820)
Broadcom CA API Developer Portal is an API developer portal product of Broadcom's complete API lifecycle management solution, which provides API release control, API performance monitoring and other functions. A security vulnerability exists in Broadcom CA API Developer Portal 4.3.1 and prior...
CVE-2019-15260
A vulnerability in Cisco Aironet Access Points APs Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could...
Cisco Firepower Management Center SQL Injection Vulnerability (CNVD-2019-34714)
Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A SQL injection vulnerability exists in the web-based management interface in Cisco Firepower Management Center FMC, which stems from the program's failure to properly validate input, and...
CVE-2019-12679
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...
CVE-2019-12685
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...
Use This Privacy Tool to View and Clear Your 'Off-Facebook Activity' Data
Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal, Facebook has taken several privacy measures in the past one year wit...
PT-2019-3029 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in handling objects in memory by the Windows kernel. This can be exploited by an attacker to elevate their privileges and run arbitrary code in kernel mode...
Shenzhen Dragon Brothers Digital Lock Co., Ltd. OKLOK intelligent door locks have logical design loopholes
Shenzhen Dragon Brothers Digital Lock Co. Shenzhen Dragon Brothers Digital Lock Co. OKLOK smart door lock has a logical design vulnerability. Attackers can use the vulnerability to overstep the right to view the binding information of others, access to sensitive information, but also to perform...