23 matches found
Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace and Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace Security Vulnerability
Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace and Palo Alto Networks Cortex XSOAR CommvaultSecurityIQ Marketplace are both products of Palo Alto Networks. The Palo Alto Networks Cortex XSIAM CommvaultSecurityIQ Marketplace is a security operations integration extension package...
Trend Micro Apex One and TrendAI Vision One Endpoint Security - Standard Endpoint Protection Access Control Error Vulnerability
Trend Micro Apex One and TrendAI Vision One Endpoint Security – Standard Endpoint Protection are products of Trend Micro, a US-based company. Trend Micro Apex One is endpoint protection software. TrendAI Vision One Endpoint Security – Standard Endpoint Protection is an enterprise endpoint...
cosign Code Issue Vulnerability
Cosign is a container signing, verification, and storage mechanism in the OCI registry of Sigstore, an open-source project in the United States. Versions of Cosign prior to 3.0.6 and 2.6.3 contained code vulnerabilities. These vulnerabilities stemmed from logical flaws related to incorrectly...
OpenObserve Code Issue Vulnerability
OpenObserve is an open-source cloud-native observability platform. Versions of OpenObserve prior to 0.70.3 have code vulnerabilities that stem from failed IPv6 address verification. This vulnerability could allow authenticated attackers to access internal services...
Lychee Code Issue Vulnerability
Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.1 had code vulnerabilities; these vulnerabilities stemmed from incomplete IP verification checks, which failed to prevent...
Adobe Reader < 25.001.21288 Multiple Vulnerabilities (APSB26-26)
The version of Adobe Reader installed on the remote Windows host is a version prior to 25.001.21288. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could...
New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status
A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We...
The vulnerability of UniFi Protect Camera systems lies in the lack of ability to update the firmware, allowing an attacker to gain full control over the system.
The vulnerability of UniFi Protect Camera systems lies in the lack of ability to update the firmware due to incorrect verification of the certificate. Exploiting this vulnerability can allow a remote attacker to gain full control over the system...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the Request Submission and Scheduling components of the Oracle Concurrent Processing application in the Oracle E-Business Suite allows attackers to disclose sensitive information.
The vulnerability of the Request Submission and Scheduling components in Oracle Concurrent Processing of the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive...
The vulnerabilities of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems allow attackers to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
The vulnerability of the System Management Mode (SMM) implementation in Lenovo notebook firmware allows an attacker to escalate their privileges and execute arbitrary code.
The vulnerability of the System Management Mode (SMM) implementation in Lenovo notebook firmware is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...
The vulnerability of the dpe firmware component in MediaTek’s chips allows attackers to escalate their privileges.
The vulnerability of the dpe firmware component of MediaTek’s chips is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
OpenEMR, software for managing medical organizations, is vulnerable due to insufficient verification of input data, allowing attackers to compromise data privacy and integrity.
OpenEMR, software for managing medical organizations, is vulnerable due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality and integrity of data...
PT-2021-14762 · ZTE · ZTE BigVideo
Name of the Vulnerable Software and Affected Versions: ZTE BigVideo analysis product (affected versions not specified). Description: The ZTE BigVideo analysis product has an input verification issue due to inconsistent front and back verifications when configuring the large screen page. An attacker...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to errors in verifying cryptographic signatures. These vulnerabilities allow attackers to exploit their privileges.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to uncontrolled searching processes. Exploiting these vulnerabilities can allow attackers to execute arbitrary code within the...
The vulnerabilities of McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) software lie in their shortcomings regarding the loading of external files and the verification of their digital signatures. This allows attackers to exploit these vulnerabilities to escalate their privileges and execute malicious code.
The vulnerabilities of McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) are related to deficiencies in loading external files from inappropriate directories and verifying their digital signatures. Exploiting these vulnerabilities can allow attackers to...
CVE-2019-5229
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently. An attacker would need to connect to the phone and gain high privilege to launch the attack; a successful exploit could...
The vulnerability of the TCP protocol implementation in the firmware of Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense devices allows attackers to cause service failures.
The vulnerability of the TCP protocol implementation of Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending high-speed packet...