PT-2021-22374 · Octorpki +1 · Octorpki +1
Name of the Vulnerable Software and Affected Versions: OctoRPKI affected versions not specified Description: The issue allows a Slowloris DoS attack, making OctoRPKI wait forever. This occurs because OctoRPKI does not limit the length of a connection. Specifically, the repositor...
PT-2021-5298 · Microsoft · Dynamics 365 On-Premises
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 On-Premises affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft Dynamics 365, which can be exploited by a remote attacker using a specially crafted...
PT-2021-22728 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE affected versions not specified Description: The issue allows anonymous users to retrieve information about any GitLab user, given a user ID, by utilizing certain endpoints. Recommendations: At the moment, there is no information...
PT-2021-21940 · Taro · Taro
Name of the Vulnerable Software and Affected Versions: taro affected versions not specified Description: The issue is related to Inefficient Regular Expression Complexity. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents...
Denial Of Service (DoS)
openjdk7 is vulnerable to denial of service. An attacker is able to crash the system by using APIs in the specified Component...
PT-2021-20191 · Geutebrück · Camera Devices
Name of the Vulnerable Software and Affected Versions: Camera devices by UDP Technology, Geutebrück and other vendors affected versions not specified Description: The issue concerns command injection, which may allow an attacker to remotely execute arbitrary code. This affects multiple camera...
PT-2021-7634 · Microsoft · Edge For Android
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android affected versions not specified Description: The issue is related to a lack of protection for internal data in Microsoft Edge for Android. Exploitation of this issue could allow a remote attacker to elevate their...
PT-2021-24125
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) affected versions not specified Description: A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with...
PT-2021-3809 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft Office. Exploitation of this issue may allow an attacker to execute arbitrary code using a specially craft...
PT-2021-3901 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Event Tracing service of Microsoft Windows operating systems. It allows an attacker to elevate their...
PT-2021-7818 · Xmill · Xmill
Name of the Vulnerable Software and Affected Versions: Xmill affected versions not specified Description: The issue is related to the function HandleFileArg in the Xmill XML compression tool, which is vulnerable to exploitation due to the lack of checks on user-provided input. Specifically, the...
PT-2021-5447 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...
PT-2021-5264 · Microsoft · Windows Font Driver Host +1
Name of the Vulnerable Software and Affected Versions: Windows Font Driver Host affected versions not specified Description: The issue is related to incorrect code generation management in the Windows Font Driver. It allows remote attackers to execute arbitrary code, affecting the system...
PT-2021-5232 · Microsoft · Hevc Video Extensions
Name of the Vulnerable Software and Affected Versions: HEVC Video Extensions affected versions not specified Description: The issue is related to incorrect code generation management in the application. Exploitation of this issue may allow an attacker to execute arbitrary code. Recommendations: A...
PT-2021-19754 · Qsan · Qsan Storage Manager
Name of the Vulnerable Software and Affected Versions: QSAN Storage Manager affected versions not specified Description: The issue allows remote attackers to obtain system information without permissions due to an observable behavioral discrepancy vulnerability. Recommendations: Contact QSAN and...
jenkins-2-plugins/config-file-provider: does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability.
A cross-site request forgery (CSRF) vulnerability was found in the config-file-provider Jenkins plugin. The plugin does not require POST requests for an HTTP endpoint, which allows attackers to delete configuration files corresponding to an attacker-specified ID...
CVE-2021-21665
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins...
PT-2021-19609 · 3D Viewer · 3D Viewer
Name of the Vulnerable Software and Affected Versions: 3D Viewer affected versions not specified Description: The issue concerns a remote code execution problem. No further details are provided about the nature of the issue, affected devices, or real-world incidents. Recommendations: At the momen...
PT-2021-3052 · Microsoft · Windows Container Manager Service +1
Name of the Vulnerable Software and Affected Versions: Windows Container Manager Service affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Container Manager Service of the Windows operating system. It allows an attacker to elevate...
PT-2021-3097 · Microsoft · Windows Desktop Bridge +1
Name of the Vulnerable Software and Affected Versions: Windows Desktop Bridge affected versions not specified Description: The issue is related to insufficient input validation in the Windows Desktop Bridge application converter, which can be exploited to cause a denial of service. This could all...