11187 matches found
The vulnerability of the HTTP interface of Grandstream UCM6200 router firmware allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the HTTP interface of Grandstream UCM6200 router firmware is related to input validation errors. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges remotely...
The vulnerability of the getMultipartRequestHandler method in the Apache Struts software framework allows a hacker to induce a service failure.
The vulnerability of the getMultipartRequestHandler method in the Apache Struts software framework is related to resource release errors. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the SMBv2 component of the Windows operating system, which allows a hacker to trigger a service failure
The vulnerability of the SMBv2 component of the Windows operating system is related to resource management errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Kerberos Key Distribution Center (KDC) component of the Windows operating system, which allows a perpetrator to increase their privileges
The vulnerability of the Kerberos Key Distribution Center (KDC) component of the Windows operating system is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the SMBv2 component of the Windows operating system allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the SMBv2 component of the Windows operating system is related to errors in code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service interruptions...
The vulnerability of Adobe Acrobat’s PDF editing software, related to errors in code generation, allows a hacker to execute arbitrary code or cause service interruptions.
The vulnerability of the Adobe Acrobat PDF editing program is related to errors in code generation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service interruptions...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from configuration and other errors in the network system or product during operation. An...
The vulnerability of Mozilla Maintenance Service allows attackers to escalate their privileges on Firefox ESR and Firefox browsers.
The vulnerability of the Mozilla Maintenance Service affects Firefox ESR and Firefox browsers due to synchronization errors when using a common resource. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of U.motion Servers and Touch Panels, related to authentication errors, allows attackers to compromise data integrity.
The vulnerability of U.motion Servers and Touch Panels is related to authentication errors. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
PT-2021-7630 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for iOS (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface, allowing a remote attacker to conduct spoofing attacks. Recommendations: At the...
CVE-2020-9000
An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the maximum amount of resources triggering a deni...
The vulnerability of firmware in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium lies in errors related to register data manipulation, allowing attackers to execute arbitrary commands.
The vulnerability of firmware in Schneider Electric’s programmable logic controllers such as Modicon M340, Modicon Quantum, and Modicon Premium is related to errors in controlling registration data. Exploiting this vulnerability allows an attacker to execute arbitrary commands usi...
The vulnerability of Schneider Electric’s Modbus Serial Driver for programmable logic controllers is related to errors in processing hypertext links, allowing an attacker to overwrite files in the file system.
The vulnerability of Schneider Electric’s Modbus Serial Driver relates to errors in processing hypertext links. Exploiting this vulnerability could allow an attacker to overwrite files in the file system...
Assumed memory layout of std::net::SocketAddr
The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
socket2 invalidly assumes the memory layout of std::net::SocketAddr
The socket2 crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
mio invalidly assumes the memory layout of std::net::SocketAddr
The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply cast the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
Integer underflow in untrusted
A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted. The combination of these two programming errors, one in untrusted and another by the user of this crate, could lead to a panic an...
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
Authorization
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...