CVE-2021-34395

CVE-2021-34395 is a local, access-permission issue in Trusty TLK (NVIDIA TLK kernel) where access to a resource may not be properly restricted for a locally privileged user. The impact described in the sources is limited information disclosure, with a low likelihood of data modification and limit...

CVE-2021-34394

Trusty contains a vulnerability in the NVIDIA OTE protocol that is present in all TAs. An incorrect message stream deserialization allows an attacker to use the malicious CA that is run by the user to cause the buffer overflow, which may lead to information disclosure and data modification...

CVE-2021-34394

CVE-2021-34394 affects NVIDIA Trusty (NVIDIA OTE protocol) used in Jetson devices. The issue is an incorrect message stream deserialization in the OTE protocol that can allow a local attacker to trigger a buffer overflow, potentially leading to information disclosure and data modification. NVIDIA...

The vulnerability in the Install and Upgrade application for managing Oracle Transportation Execution allows a malicious individual to gain access to create, modify, or delete data.

The vulnerability of the Install and Upgrade component of the Oracle Transportation Execution application relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to access, create, modify, or delete data using the HTTP protocol...

The vulnerability of the Account Hierarchy Manager component of the Oracle General Ledger financial processing system allows a hacker to gain access to create, modify, or delete data.

The vulnerability of the Account Hierarchy Manager component in the Oracle General Ledger financial processing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to create, modify, or delete data using the HTTP protocol...

The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to execute arbitrary SQL commands and gain unauthorized access to modify data.

The vulnerability of the Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P web interface management interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands an...

CVE-2020-24516

Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

CVE-2020-24516

Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

Nuvoton TPM 1.2 Vulnerability - Lenovo Support US

No description provided...

The vulnerability of the Attachments component of the Oracle Document Management and Collaboration software, which allows a hacker to access, create, modify, or delete data.

The vulnerability of the Attachments component of the Oracle Document Management and Collaboration software lies in insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to the ability to create, modify, or delete data using the HTTP protocol...

CVE-2021-27828

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

Sql injection

SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries...

CVE-2021-27828

CVE-2021-27828 affects In4Suite ERP 3.2.74.1370, where SQL injection arises from lack of validation of externally entered SQL statements in CheckLogin.asp, enabling remote attackers to modify or delete data and cause persistent changes. Evidence includes exploit-db PoC showing crafted login paylo...

Microsoft Edge 安全特征问题漏洞

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. Microsoft Edge suffers from a security signature issue vulnerability that allows remote attackers to trick victims into visiting specially designed websites to obtain sensitive information or...

Microsoft Edge 安全特征问题漏洞

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. Microsoft Edge suffers from a security signature issue vulnerability that allows remote attackers to bypass current security restrictions and trick victims into visiting specially designed...

vFairs 跨站脚本漏洞

vFairs is a virtual event platform by vFairs Singapore. It hosts exciting online conferences, trade shows, job fairs and more. A security vulnerability exists in vFairs version 3.3 that allows any user logged in to a vFairs virtual meeting to modify any other user's information, which could lead ...

Projectsworlds College Management System 跨站请求伪造漏洞

ProjectWorlds College Management System is a college management system. projectWorlds College Management System is vulnerable to cross-site request forgery, which can be exploited by attackers to modify, delete student, faculty, teacher, subject, grade, location, and article data or create new...

The vulnerability of the “Manage Requisition Status” component in the Oracle PeopleSoft Enterprise SCM eProcurement application allows a hacker to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the “Manage Requisition Status” component in the Oracle PeopleSoft Enterprise SCM eProcurement application is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...

The vulnerability of the Multichannel Framework component of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Multichannel Framework component of the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information or to...

The vulnerability of the Core component of the Oracle Advanced Supply Chain Planning application allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Core component of the Oracle Advanced Supply Chain Planning application relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information or to modify, add, or...