176 matches found
The vulnerability of the Glances monitoring tool arises from improper restrictions on XML links to external objects. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Glances monitoring tool is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
CVE-2022-24385
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...
Information disclosure
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...
SmarterTools SmarterTrack Security Vulnerability
SmarterTools SmarterTrack is a customer service software from SmarterTools UK. It improves customer service and reduces support costs. A security vulnerability exists in SmarterTools SmarterTrack 100.0.8019.14010 that originates from direct object access in SmarterTools SmarterTrack...
CVE-2022-24385
CVE-2022-24385 describes a Direct Object Access vulnerability in SmarterTools SmarterTrack, affecting version 100.0.8019.14010 and leading to information disclosure. The connected documents confirm the affected product and version, and indicate the underlying issue is direct object access, with p...
CVE-2022-24385
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...
CVE-2021-20321
A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system...
The vulnerability of the Windows GDI component in Microsoft Windows operating systems allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the Windows GDI component in Microsoft Windows systems is related to deficiencies in access control when processing raster objects. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...
CVE-2021-20173
Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in the update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...
CVE-2021-43275
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute...
Siemens Mendix Security Vulnerability
Siemens Mendix is a low-code application development platform from Siemens, a German company that provides application development, testing, deployment, and iteration capabilities. A security vulnerability in Siemens Mendix allows an authenticated attacker to retrieve the changedDate property of...
CVE-2021-20321
A race condition when accessing a file object in the Linux kernel OverlayFS subsystem was found in the way users perform a rename in a specific way with OverlayFS. A local user could use this flaw to crash the system...
CVE-2021-3462
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object...
UBUNTU-CVE-2021-26119
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode...
CVE-2021-26119
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode...
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
Cisco IoT Field Network Director (FND) is a network management system for large-scale FAN deployments. A SOAP API authorization bypass vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient authorization of the SOAP API. An attack...
Microsoft Internet Explorer Remote Code Execution Vulnerability (CNVD-2020-51782)
Microsoft Internet Explorer (IE) is a Web browser that comes with the Windows operating system from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Internet Explorer versions 9 and 11, which stems from the program failing to properly access memory objects. ...
CVE-2019-18998
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly...
CVE-2019-18998
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly...
CVE-2019-15978
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about...