Lucene search
K

186 matches found

CNVD
CNVD
added 2020/11/19 12:0 a.m.4 views

Cisco IoT Field Network Director SQL Injection Vulnerability

Cisco IoT Field Network Director IoT-FND is an end-to-end IoT management system from Cisco USA. The system features device management, asset tracking and smart metering. Cisco IoT Field Network Director suffers from a SQL injection vulnerability that results from insufficient input validation of...

9CVSS8.1AI score0.01565EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/11/13 12:0 a.m.6 views

The vulnerability of the Installation component of the Oracle Business Intelligence Enterprise Edition software platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Installation component of the Oracle Business Intelligence Enterprise Edition software lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP...

7.8CVSS7.5AI score0.97233EPSS
Exploits2References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/12 12:0 a.m.7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to execute arbitrary code.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the IIOP protocol remotely...

10CVSS8.1AI score0.52032EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/12 12:0 a.m.7 views

The vulnerability of the Analytics Web Administration component of the Oracle Business Intelligence Enterprise Edition software allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Analytics Web Administration component of the Oracle Business Intelligence Enterprise Edition relates to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protocol...

7.5CVSS7.4AI score0.0109EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/10 12:0 a.m.4 views

The vulnerability of the Libraries component in Java SE and Java SE Embedded software platforms allows a perpetrator to gain access to modify, add, or delete data.

The vulnerability of the Libraries component in Java SE and Java SE Embedded software platforms is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data...

3.1CVSS6.4AI score0.02684EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2020/10/20 12:0 a.m.5 views

The vulnerability of the SSOAuth software process of the Senstar Symphony video surveillance management platform allows a intruder to execute arbitrary code.

The vulnerability of the SSOAuth software component in the Senstar Symphony video surveillance management platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

8.8CVSS8AI score0.02045EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/10/08 12:0 a.m.3 views

The vulnerability in the implementation of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol for the Cisco IOS XE operating system on Cisco Catalyst 9800 Series network devices allows a attacker to cause a service failure.

The vulnerability of the Control and Provisioning of Wireless Access Points CAPWAP implementation for the Cisco IOS XE operating system on Cisco Catalyst 9800 Series network devices is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to...

7.4CVSS7.2AI score0.00507EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/10/01 12:0 a.m.9 views

The vulnerability of JunOS’s High-End SRX Series routers lies in insufficient validation of input data, allowing attackers to trigger service interruptions.

The vulnerability of JunOS operating system’s High-End SRX series routers exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8CVSS7.2AI score0.0144EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/09/29 12:0 a.m.8 views

The vulnerability of the Intel Converged Security and Manageability Engine implementation arises from insufficient validation of input data, allowing a perpetrator to trigger a service failure.

The vulnerability of the Intel Converged Security and Manageability Engine implementation exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.8CVSS7.3AI score0.01864EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/08/12 12:0 a.m.4 views

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application suite allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Expenses component in the PeopleSoft Enterprise FIN Expenses business application is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information or to modify,...

5.5CVSS6.6AI score0.00769EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/08/05 12:0 a.m.6 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to protected information or to modify, add, or delete data.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or to modify, add, or delete data...

6.5CVSS6.9AI score0.01116EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/08/05 12:0 a.m.6 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information from a remote location...

7.5CVSS7.4AI score0.00554EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/08/05 12:0 a.m.6 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Core component of the Oracle VM VirtualBox software relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

7.5CVSS7.3AI score0.00547EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/29 12:0 a.m.10 views

The vulnerability of the Web UIX component of the Oracle Help Technologies development and display systems allows attackers to access, modify, or delete data, or gain unauthorized access to protected information.

The vulnerability of the Web UIX component of the Oracle Help Technologies development and display system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to, modify, add, or delete data, or to obtain unauthorized access to...

8.2CVSS7.7AI score0.01404EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/03 12:0 a.m.8 views

The vulnerability of Microsoft Word for Android, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Word for Android text editor is related to insufficient validation of entered data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

9.3CVSS7.9AI score0.08045EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/06/30 12:0 a.m.7 views

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from insufficient validation of input data. This allows a malicious actor to trigger a service failure.

The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

3.3CVSS5.4AI score0.00658EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/05/15 12:0 a.m.5 views

The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite system, which allows a malicious actor to gain read access to data and modify it.

The vulnerability of the Marketing Administration sub-component of the Oracle Marketing component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify, add, or delet...

8.2CVSS7.4AI score0.01282EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/04/29 12:0 a.m.5 views

The vulnerability of the ReadCUTImage function in the console-based image editing tool ImageMagick, related to the use of uninitialized resources, allows attackers to access confidential information or cause service failures.

The vulnerability of the ReadCUTImage function in the console-based ImageMagick graphics editor is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to gain access to confidential information or cause service failures...

8.8CVSS6.8AI score0.03291EPSS
Exploits0References16Affected Software5
BDU FSTEC
BDU FSTEC
added 2020/04/14 12:0 a.m.5 views

The vulnerability of the CORS mechanism implementation in Google Chrome browsers, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to information.

The vulnerability of the CORS mechanism implementation in Google Chrome browser is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to information through a specially created HTML page...

7.1CVSS6.8AI score0.02004EPSS
Exploits1References16Affected Software6
BDU FSTEC
BDU FSTEC
added 2020/03/25 12:0 a.m.6 views

The vulnerability of the TempFileName parameter of the CGI script cgiRecvFile.exe in the Worry-Free Business Security antivirus protection system allows a hacker to read arbitrary files in the target system.

The vulnerability of the TempFileName parameter in the CGI executable cgiRecvFile.exe exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to read arbitrary files on the target system by sending specially crafted HTTP requests...

10CVSS7.9AI score0.04179EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder