CVE-2024-29168

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

CVE-2024-20858

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application...

Security advisory: QStringConverter

QStringConverter has an invalid pointer being passed as a callback which can allow modification of the stack and has been assigned the CVE id CVE-2024-33861. Qt itself is not vulnerable to remote attack however an application using QStringDecoder either directly or indirectly can be vulnerable...

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 17.1 and iPadOS version 17.1, which stems from an application that ma...

Cross site scripting

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker wi...

CVE-2021-42146

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive...

Code injection

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive...

CVE-2021-42146

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive...

Apple macOS Sonoma Security Vulnerability

Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14, which stems from an application that may be able to access sensitive user data...

PT-2023-31891 · Unknown · Bacnet Stack

Name of the Vulnerable Software and Affected Versions: BACnet Stack versions prior to 1.3.2 Description: The issue is related to a decode function APDU buffer over-read in the bacapp decode application data function in bacapp.c. This over-read occurs in versions of the BACnet Stack before 1.3.2...

Sql injection

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an SQL Injection vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database...

Apple macOS Ventura Security Vulnerability

Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura version 13.6.3, which stems from an application that may be able to access protected user data...

CVE-2023-29066 Incorrect User Management

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders...

QNAP QTS SSRF Vulnerability (QSA-23-51)

QNAP QTS is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...

QNAP QTS / QuTS hero SSRF QSA-23-51)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-51 advisory. - A server-side request forgery SSRF vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could all...

DEBIAN-CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

Server side request forgery (ssrf)

A server-side request forgery SSRF vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS...

CVE-2023-39301

CVE-2023-39301 describes an SSRF vulnerability affecting QNAP QTS/QTS Hero/QTScloud, allowing authenticated users to read application data over the network. Affected products include QTS (versions prior to 5.0.1.2514 and 5.1.1.2491+), QuTS hero (h5.0.1.2515 and h5.1.1.2488+), and QuTScloud (c5.1....

QNAP Systems QTS and QuTS hero code issue vulnerability

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems, Inc.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A code issue vulnerability exists in QNAP Systems QTS and QuTS her...

Apple macOS Security Breach

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. A security vulnerability exists in Apple macOS Sonoma version 14.1, which stems from an application that may be able to access sensitive user data...