7688 matches found
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including. Business Objects, HANA, Netweaver and Powerdesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data...
Input validation
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914...
CVE-2023-39915
The CVE-2023-39915 entry concerns NLnet Labs’ Routinator up to version 0.12.1, which may crash when parsing certain malformed RPKI objects. Root cause is insufficient input checking in the bcder library (the same underlying issue as CVE-2023-39914). Impact, per the citations, is availability inte...
NLnet Labs Routinator Security Breach
NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator written in the Rust language by the NLnet Labs team in the Netherlands. A security vulnerability exists in NLnet Labs Routinator version 0.12.1 and earlier, which stems from insufficient input checking and may crash whe...
PT-2023-28263 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this, where the target...
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Drools Core Deserialization of Untrusted Data vulnerability
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
GHSA-M5Q8-58WH-XXQ4 Drools Core Deserialization of Untrusted Data vulnerability
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-2771)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2023-28249 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...
PDF-XChange Editor App Object Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Oracle Linux 8 : sssd (ELSA-2019-3651)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3651 advisory. 2.2.0-19 - Resolves: rhbz1712875 - Old kerberos credentials active instead of valid new ones kcm 2.2.0-18 - Resolves: rhbz1744134 - New defect found in...
PT-2023-22196 · Electron · Electron
Name of the Vulnerable Software and Affected Versions: Electron versions prior to 22.3.6 Electron versions prior to 23.2.3 Electron versions prior to 24.0.1 Electron versions prior to 25.0.0-alpha.2 Description: Electron is a framework for writing cross-platform desktop applications using...
Zope AccessControl Information Disclosure Vulnerability
Zope AccessControl is a generic security framework used in Zope from the Zope Foundation. An information disclosure vulnerability exists in Zope AccessControl that stems from allowing a person controlling a format string to read accessible recursive objects via attribute access and subscription o...
Authorization Bypass
github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability exists because the number of objects returned with the ListObjects API are non-deterministic which allows an attacker to access unauthorized objects if the model contains expressions of type rel1 from type1...
The vulnerability of PDF-XChange Editor’s document viewing and editing software lies in the handling of an unreliable pointer, allowing attackers to execute arbitrary code.
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the handling of App objects using an untrusted pointer. Exploiting this vulnerability can allow attackers to execute arbitrary code...