68 matches found
CVE-2021-27493
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...
Design/Logic Flaw
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component...
Insertion of Sensitive Information into Log File in Apache Geode
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
Information Disclosure
geode-core is vulnerable to information disclosure. The vulnerability exists through the ArgumentRedactor function when the values are begin with characters other than letters or numbers for passwords and security properties, its leads to expose sensitive information through log files...
Design/Logic Flaw
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...
Incorrect Comparison in sodiumoxide
An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...
Code injection
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 February 2021...
CVE-2021-26688
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 February 2021...
CVE-2019-25002
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...
CVE-2019-25002
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...
CVE-2019-25002
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties...
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature; instead, SIP seems to be the only mechanism that prevents modifications of the...
SUSE-SU-2018:3921-1 Security update for java-1_7_1-ibm
java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 bsc1116574: Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-31...
Apache Syncope 2.0.7 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory:...
Bounded Model Checking Framework for Heap-implementations: HeapHopper
Heap metadata attacks have become one of the primary ways in which attackers exploit memory corruption vulnerabilities. While heap implementation developers have introduced mitigations to prevent and detect corruption, it is still possible for attackers to work around them. In part, this is becau...
rbndr - Simple DNS Rebinding Service
rbndr is a very simple, non-conforming, name server for testing software against DNS rebinding vulnerabilities. The server responds to queries by randomly selecting one of the addresses specified in the hostname and returning it as the answer with a very low ttl...
CVE-2016-3574
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-357...
Unspecified Vulnerability in Oracle Sun Solaris (CNVD-2015-06814)
Oracle Sun Solaris is a set of Unix-like operating systems from Oracle. An unspecified vulnerability exists in Oracle Sun Solaris 11.2. The vulnerability allows local users to affect confidentiality, integrity, and availability via unspecified vectors related to utilities/security...
JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503...
OpenJDK: Better access restrictions (Sound, 8006328)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...