97 matches found
SUSE CVE-2017-2363
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain...
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2022-32880
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.5. An app may be able to access user-sensitive data...
Vulnerabilities fixed in Zoom
Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Access to sensitive data Increased user privileges Zoom has released updates to fix...
Vulnerabilities fixed in FreeBSD
Several vulnerabilities have been fixed in FreeBSD. The vulnerabilities allow a malicious person, potentially unauthenticated remote, be able to carry out attacks resulting in the following categories of damage: Bypassing authentication Bypassing security measure Accessing sensitive data Access t...
Adobe Experience Manager Blind Server-Side Request Forgery Vulnerability
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2020-6400 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.8 Drupal Core versions prior to 8.9.1 Drupal Core versions prior to 9.0.1 Description: The issue is related to improper authorization in the Drupal Core JSON:API module when the read only setting is set to...
CVE-2020-7134
A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP versions: 1.4.0, 1.4.1, 1.4.2, 1.2.4.2...
CVE-2019-15255
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it...
MGASA-2018-0198 Updated libvncserver packages fix security vulnerability
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact e.g., an integer overflow via specially crafted VNC packets...
CVE-2016-2019
HPE Systems Insight Manager SIM before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2020, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030...
McAfee Advanced Threat Defense Information Disclosure Vulnerability (CNVD-2015-02280)
McAfee Advanced Threat Defense provides advanced threat defense that defends against advanced malware, including zero-day persistent threats and advanced persistent threats. McAfee Advanced Threat Defense fails to properly restrict access, allowing remotely authenticated attackers to gain access ...
CVE-2004-2455
Sweex Wireless Broadband Router/Accesspoint 802.11g LC000060 allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file...
CVE-2002-1555
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information...
vAuthenticate 2.8 - SQL Injection
vAuthenticate 2.8 - SQL Injection source: https://www.securityfocus.com/bid/6605/info A vulnerability has been discovered in vAuthenticate. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attack...
RealServer 5.06.07.0 - Memory Contents Disclosure
RealServer 5.06.07.0 - Memory Contents Disclosure source : https://www.securityfocus.com/bid/1957/info RealServer is a popular streaming audio and video server from Real Networks. A vulnerability exists in all versions of RealServer 7 and below that could allow a remote attacker to gain...
CVE-2018-4611
...