3180 matches found
The vulnerability of the Media Foundation component in Windows operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Media Foundation component in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
Mitsubishi Electric MC Works64 and MC Works32 Code Injection Vulnerability
The Mitsubishi Electric MC Works64 and MC Works32 are both data acquisition and monitoring systems SCADA from Mitsubishi Electric Japan. A code injection vulnerability exists in Mitsubishi Electric MC Works64 version 4.02C 10.95.208.31 and earlier versions, and MC Works32 version 3.00A 9.50.255.0...
CVE-2020-6268
Statutory Reporting for Insurance Companies in SAP ERP EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104 does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain...
[20200704] - Core - Variable tampering via user table class
Internal read-only fields in the User table class could be modified by users...
Logic flaws exist in the YiYu enterprise building system vulnerability
Eyou content management system EyouCms belongs to Hainan Zanzan Network Technology Co., Ltd. is the newest PHP open source website management system. EyouCms has a logic flaw vulnerability that can be exploited by attackers to tamper with other users' information...
CVE-2020-6252
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
CVE-2020-5869
In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...
CVE-2020-5869
In BIG-IQ 5.2.0-7.0.0, high availability HA synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit...
Palo Alto Software: IDOR on update user preferences
Summary: Team member with role USER can change data of any user in the team, or steal his cookies, or steal the account of victim via forget password function. Steps To Reproduce: 1. Login in as user1 the user with role admin and invite user2 set his role to user. 2. Login in as user2, open Mail...
New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...
CVE-2019-5230
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321C00E320R1P1T8, versions earlier than Emily-AL00A 9.1.0.321C00E320R1P1T8, versions earlier than NEO-AL00D NEO-AL00 9.1.0.321C786E320R1P1T8 have an improper validation vulnerability. The system does not perform a...
Cisco IOS and IOS XE HTTP Client Resource Management Error Vulnerability
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A resource management error vulnerability exists in the HTTP client functionality in Cisco IOS and IOS XE, which arises from a program that does not take into account TCP port information when matching...
Security Advisory - Improper Validation Vulnerability in Several Smartphones
There is an improper validation vulnerability on several smartphones. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model , successful exploit could allow the attacker to get an...
Logic Flaw Vulnerability in Original Shopping Network App
The original shopping network app is the original shopping network for mobile users free customized shopping software, there are product search, browse, collection, shopping cart, place an order, mobile payment and other functions, you can through the mobile platform, always view the latest...
CVE-2019-5502
SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has weak cryptography which when exploited could lead to information disclosure or addition or modification of data...
CVE-2019-5215
There is a man-in-the-middle MITM vulnerability on Huawei P30 smartphones versions before ELE-AL00 9.1.0.162C01E160R1P12/C01E160R2P1, and P30 Pro versions before VOG-AL00 9.1.0.162 C01E160R1P12/C01E160R2P1. When users establish connection and transfer data through Huawei Share, an attacker could...
CVE-2018-18978
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with...
DEBIAN-CVE-2017-11428
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...
The vulnerability of the Array.prototype.slice method in JIT-compiler IonMonkey of the Firefox ESR browser allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Array.prototype.slice method in JIT-compiled Firefox ESR browser software arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks
The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a...