Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.17 views

The vulnerability of the blacklistAction() function on the PHP software platform pimcore allows violators to perform cross-site scripting attacks.

The vulnerability of the blacklistAction function in the PHP programming platform pimcore relates to the lack of measures taken to protect the structure of web pages when processing email addresses. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.4CVSS5.6AI score0.0051EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/03 12:0 a.m.17 views

The vulnerability of the MKLogic-500 PLC configuration protocol, related to the lack of authentication for critical functions, allows attackers to alter the device’s operating logic.

The vulnerability of the MKLogic-500 PLC configuration protocol lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to alter the device’s operating logic...

9.6CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/03 12:0 a.m.17 views

The vulnerability of the MKLogic-500 PLC, related to the use of pre-set credentials, allows a hacker to gain access to the contents of the FTP server.

The vulnerability of the PLK MKLogic-500 is related to the presence of pre-installed account data. Exploiting this vulnerability can allow a remote attacker to gain access to the contents of the FTP server...

9.7CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.17 views

The vulnerability of the Linux operating system’s kernel, which allows a hacker to trigger a service failure

The vulnerability of Linux operating system kernels relates to how it handled the I2CSMBUSBLOCKPROCCALL scenario via the ioctl I2CSMBUS with malicious input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.7AI score0.00225EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/11/23 12:0 a.m.17 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.

The vulnerability of Websoft HCM’s HR automation software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

7.8CVSS5.4AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.17 views

The vulnerability of the SetSysLogSettings() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the SetSysLogSettings function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the failure to sanitize the input data in the string entered by the user when processing the IPAddress element. Exploiting this vulnerability allows...

7.7CVSS7.1AI score0.01085EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/30 12:0 a.m.17 views

The vulnerability of the kernel of microprogramming software in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of microprogramming software in embedded Qualcomm chips is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to cause service failures or execute arbitrary code...

7.8CVSS7.4AI score0.00087EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/07/01 12:0 a.m.17 views

The vulnerability affects implementations of protocols that transmit data to Microsoft applications, Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird. This allows a perpetrator to execute arbitrary code.

The vulnerability in the implementation of protocols that transmit data to Microsoft applications, Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird is related to authentication errors in the handler for the customizable URL scheme. Exploiting this vulnerability allows a remo...

7.6CVSS5.9AI score0.00783EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.17 views

The vulnerability of the SecUsers.ini file of the controller display utility for OpenBSI allows a hacker to gain unauthorized access to protected information.

The vulnerability of the SecUsers.ini file of the controller display utility related to OpenBSI involves storing confidential information in an unencrypted form in memory. Exploiting this vulnerability could allow a remote attacker to gain access to the user credentials...

7.8CVSS5.5AI score0.00252EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/04/28 12:0 a.m.17 views

The vulnerability of the networkd-dispatcher component, which manages connection states in Linux operating systems, and is part of the Systemd subsystem responsible for service initialization and management, allows a malicious actor to escalate their privileges or execute arbitrary code.

The vulnerability of the networkd-dispatcher component, which manages connection states and initializes services within Systemd on Linux operating systems, exists due to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow an attacker to...

8.4CVSS5.8AI score0.11667EPSS
Exploits3References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.17 views

The vulnerability of the LibreOffice office software package lies in its improper verification of the cryptographic signature, allowing a hacker to circumvent security restrictions.

The vulnerability of the LibreOffice office software package is related to incorrect verification of the cryptographic signature when using the “X509Data” and “KeyValue” values. Exploiting this vulnerability can allow an attacker to circumvent security restrictions by using a specially created OD...

6.3CVSS7.4AI score0.00965EPSS
Exploits0References12Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/01/25 12:0 a.m.17 views

The vulnerability of NETGEAR CBR750, RBK852, RBR850, and RBS850 Wi-Fi routers’ microprogramming software lies in insufficient cleaning of input data, allowing attackers to execute arbitrary commands.

The vulnerability of NETGEAR’s Wi-Fi router software, including models CBR750, RBK852, RBR850, and RBS850, lies in insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.6CVSS8.1AI score0.01667EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.17 views

The vulnerability of the adts_decode_extradata function in the libavformat/adtsenc.c component of the FFmpeg multimedia library, related to an unvalidated return value, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the adtsdecodeextradata function in the libavformat/adtsenc.c component of the FFmpeg multimedia library is related to an unvalidated return value of initgetbits. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data, compromise its...

9.8CVSS7.2AI score0.02411EPSS
Exploits0References11Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/01/04 12:0 a.m.17 views

The software of SIEM EventLog Analyzer is vulnerable because measures are not taken to neutralize special elements used in the operating system command. This vulnerability allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the SIEM EventLog Analyzer software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system remotely...

10CVSS5.9AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/13 12:0 a.m.17 views

The vulnerability of the HEVC Video Extensions application, related to improper code generation, allows a perpetrator to execute arbitrary code.

The vulnerability of the HEVC Video Extensions application is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7.7AI score0.02177EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/12/08 12:0 a.m.17 views

The vulnerability of MasterCard, Visa, and American Express payment services lies in the insufficient authorization of ARQC cryptographic algorithms generated by Apple Pay, Samsung Pay, and GPay mobile wallets. This allows attackers to use AAC cryptographic algorithms on payment services, thereby enabling them to intercept transactions when the wallet or payment terminal decides to reject a transaction.

The vulnerability of MasterCard, Visa, and American Express tokenization services is related to the insufficient authorization of ARQC cryptographic keys generated by Apple Pay, Samsung Pay, and GPay mobile wallets. Exploiting this vulnerability could allow attackers to use AAC cryptographic keys...

6.8CVSS5.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/12/01 12:0 a.m.17 views

The vulnerability of the BBCode parser in the vBulletin commercial web forum, related to the lack of protection for the website structure, allows a violator to execute arbitrary JavaScript.

The vulnerability of the BBCode parser in the vBulletin commercial web forum is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript by injecting code into messages using embedded BBCodes...

9CVSS5.9AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.17 views

The vulnerability of the check_cookie function in the web server of the programmable logic controller ioLogik, related to buffer overflow in the stack, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the checkcookie function in the web server of the programmable logic controller ioLogik is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to cause service failures or execute arbitrary code using a specially crafted reques...

10CVSS6.4AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.17 views

The vulnerability of the check_token function in the web server of the programmable logic controller ioLogik, related to buffer overflow in the stack, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the checktoken function in the web server of the programmable logic controller ioLogik is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause service failures or execute arbitrary code using a specially crafted request...

10CVSS6.3AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/11 12:0 a.m.17 views

The vulnerability of the automated information system “Registration in OO” arises from the use of pre-set user accounts, allowing a perpetrator to gain unauthorized access to protected information.

The vulnerability of the automated information system “Registration in OO” is related to the use of pre-set user accounts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

8.6CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.17 views

The vulnerabilities of the decode_mcu() and decode_mcu_fast() functions in the libjpeg-turbo library allow a hacker to cause a service failure.

The vulnerability of the decodemcu and decodemcufast functions in the libjpeg-turbo library arises from the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure by using a specially crafted file...

7.1CVSS5.9AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/09/29 12:0 a.m.17 views

The vulnerability of the Indexed DB API for browser storage interfaces in Google Chrome and Microsoft Edge allows a attacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Indexed DB API for browser-based structured data storage in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code through a specially...

10CVSS8.2AI score0.32657EPSS
Exploits0References9Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/08/17 12:0 a.m.17 views

The vulnerability of Moxa EDR-810 microcontroller software lies in the lack of measures taken to neutralize special elements used in the OS command sequence, allowing a perpetrator to execute arbitrary code.

The vulnerability of Moxa EDR-810 microcontroller-based software relates to the lack of measures taken to neutralize special elements used in the OS command sequence. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.3CVSS5.9AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.17 views

The vulnerability of the KOMPAS-3D three-dimensional modeling system, related to buffer overflow in the stack, allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of the KOMPAS-3D three-dimensional modeling system is related to the buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code using a specially crafted T3D format file...

6.2CVSS6.3AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.17 views

The vulnerability of the module for creating and saving structured information about company departments in the “LOCMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCMAN:PLM, arises from the possibility of unlimited loading of dangerous files. This vulnerability allows attackers to execute arbitrary code.

The vulnerability of the module responsible for creating and saving structured information about company departments in the “LOCZMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCZMAN:PLM, relates to the unlimited loading of...

6.8CVSS6AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/25 12:0 a.m.17 views

The vulnerability of the webSetSerialOpModel function in the embedded software of the web server stems from buffer overflows in the stack due to insufficient input data processing. This allows attackers to execute arbitrary code or cause service interruptions by exploiting this vulnerability.

The vulnerability of the webSetSerialOpModel function in the embedded software of the web server is related to buffer overflows in the stack due to deficiencies in input data processing. Exploiting this vulnerability can allow an attacker to enhance their privileges, execute arbitrary code, or...

9.1CVSS6.1AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.17 views

The vulnerability of the SCADA system of OIK Dispetchner NT, related to deficiencies in the cryptographic algorithms used, allows a intruder to retrieve user data and increase privileges within the system.

The vulnerability of the SCADA system of OIK Dispatching Network is related to deficiencies in the cryptographic algorithms used. Exploiting this vulnerability could allow an intruder to retrieve user data and increase privileges within the system...

7.7CVSS5.5AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/04/23 12:0 a.m.17 views

The vulnerability of the memtest_preserving_test function in the memtest.c component of the Redis database management system allows a attacker to cause a service failure or execute arbitrary code by causing an operation to go beyond the buffer boundaries during the creation of an emergency dump.

The vulnerability of the memtestpreservingtest function in the memtest.c component of the Redis database management system is related to the issue where an operation is executed outside the buffer in memory when creating an emergency dump. Exploiting this vulnerability can allow a malicious actor...

8.7CVSS6.2AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.17 views

The vulnerability of the FingerTipS component in Android operating systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the FingerTipS component in Android operating systems relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/03/31 12:0 a.m.17 views

The vulnerability of the Web Antivirus component of Kaspersky Endpoint Security allows a perpetrator to compromise data integrity.

The vulnerability of the Web Antivirus component of Kaspersky Endpoint Security relates to insufficient checking of file paths for reparse points. Exploiting this vulnerability can allow attackers to compromise data integrity...

5.5CVSS5.5AI score
Exploits0References1Affected Software6
BDU FSTEC
BDU FSTEC
added 2021/02/11 12:0 a.m.17 views

The vulnerability of the ziplist.c component of the Redis database management system, caused by a transaction executing outside the buffer in memory, allows an attacker to read a portion of the memory and trigger a service failure in the Redis database server.

The vulnerability of the ziplist.c component in the Redis database management system arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to read a piece of memory and trigger a service failure in the Redis database server using...

7.1CVSS5.7AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/01/26 12:0 a.m.17 views

The vulnerability of the QTextEngine::LayoutData::reallocate function in the cross-platform framework for Qt software development allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the QTextEngine::LayoutData::reallocate function in the cross-platform framework for Qt software development is related to memory corruption. Exploiting this vulnerability can allow an attacker to cause a system failure or execute arbitrary code...

8.3CVSS5.8AI score
Exploits0References1Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/01/20 12:0 a.m.17 views

The vulnerability of the TrueConf software lies in its lack of mechanisms to limit the number of authentication attempts. This allows a violator to lock out a user’s account.

The vulnerability of the TrueConf software is related to deficiencies in the mechanism for limiting the number of authentication attempts. Exploiting this vulnerability could allow a malicious actor to lock out a user’s account by attempting more than 10 unsuccessful password entries...

5.3CVSS5.5AI score
Exploits0Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/01/13 12:0 a.m.17 views

The vulnerability of the fly-qdm graphical interface, related to the shielding of output data, allows attackers to gain access to confidential information.

The vulnerability of the fly-qdm graphical interface is related to the lack of a mechanism to protect output data. Exploiting this vulnerability can allow attackers to gain access to confidential information...

4CVSS5.5AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/12/07 12:0 a.m.17 views

The vulnerability of the core.arh component of the EKRA 200 microprocessor series allows a hacker to cause a system failure.

The vulnerability of the core.arh component of the microprogramming software for PLC ERCA is related to insufficient processing of input data during updates. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted HEX/LDR file...

6.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/07/14 12:0 a.m.17 views

The vulnerability of the EKOM-3000 data collection and transmission device lies in the lack of protection for transmitted data, allowing unauthorized access to protected information by intruders.

The vulnerability of the ECOM-3000 data collection and transmission device lies in the lack of protection for the transmitted data. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to the protected information...

10CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/06/19 12:0 a.m.17 views

The vulnerability of the Keycloak identity and access management software lies in its reliance on pre-set registration data, allowing unauthorized users to gain unauthorized access to protected information.

The vulnerability of the Keycloak identity and access management software relates to the use of pre-set registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

9.4CVSS7.7AI score0.01718EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/05/07 12:0 a.m.17 views

The vulnerability of the PluginTIFF.cpp component in the FreeImages graphics format library, which arises from allowing the operation to be within acceptable buffer data limits, allows a hacker to cause a service failure.

The vulnerability of the PluginTIFF.cpp component in the FreeImages graphics format library is related to the execution of operations that exceed the allowable buffer data size limits. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.5AI score0.0421EPSS
Exploits1References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/04/14 12:0 a.m.17 views

The vulnerability in the demux/asf/asf.c component of the VideoLAN VLC media player software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the demux/asf/asf.c component of the VideoLAN VLC media player lies in the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.3CVSS7.2AI score0.01455EPSS
Exploits0References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/03/27 12:0 a.m.17 views

The vulnerability of TCP protocols in real-time operating systems like Wind River VxWorks allows attackers to execute arbitrary code.

The vulnerability of the TCP protocol in real-time operating systems like Wind River VxWorks is related to errors in the TCP Urgent Pointer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted TCP packets...

10CVSS8.5AI score0.22844EPSS
Exploits0References9Affected Software5
BDU FSTEC
BDU FSTEC
added 2020/02/11 12:0 a.m.17 views

The vulnerability of the RouterOS operating system in MikroTik routers, related to the assignment of the zero pointer, allows a hacker to cause a service failure.

The vulnerability of the RouterOS operating system for MikroTik routers exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using a specially created package...

6.3CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/01/08 12:0 a.m.17 views

The vulnerability of the Web Intelligence HTML interface of the SAP BusinessObjects Business Intelligence platform, related to the lack of measures for cleaning incoming data, allows attackers to execute cross-site scripting attacks.

The vulnerability of the Web Intelligence HTML interface of the SAP BusinessObjects Business Intelligence platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.6AI score0.00526EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/12/17 12:0 a.m.17 views

The vulnerability of the Skype for Business Server’s instant messaging program, related to errors in information presentation by the user interface, allows attackers to carry out spoofing attacks.

The vulnerability of the Skype for Business Server’s instant messaging program is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spam attacks remotely...

3.7CVSS5.9AI score0.01432EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2019/12/09 12:0 a.m.17 views

The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows a hacker to gain unauthorized access to protected information.

The vulnerability of Blink’s web page rendering mechanism in Google Chrome relates to bypassing the CORS Cross-origin resource sharing mechanism. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information through a specially created HTML page...

7.8CVSS7.2AI score0.00787EPSS
Exploits0References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/12/03 12:0 a.m.17 views

The vulnerability of the Cast component in Google Chrome’s browser, which arises due to insufficient validation of input data, allows attackers to conceal alerts indicating a transition to full-screen mode.

The vulnerability of the Cast component in Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to conceal a notification indicating that the mode has switched to full-screen mode using a specially created HTML page...

5CVSS6.7AI score0.01346EPSS
Exploits0References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/12/03 12:0 a.m.17 views

The vulnerability of the ResourceCoordinator component in Google Chrome allows a perpetrator to compromise the integrity, confidentiality, and accessibility of the protected information.

The vulnerability of the ResourceCoordinator component in Google Chrome browser relates to the use of memory after it is released. Exploiting this vulnerability allows an attacker to compromise the integrity, confidentiality, and accessibility of the protected information through a specially...

10CVSS7.7AI score0.01507EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/10/29 12:0 a.m.17 views

The vulnerability of the OPCTest.exe executable on the RSLinx Classic communication server allows a hacker to execute arbitrary code.

The vulnerability of the RSLinx Classic dynamic assembly library server is caused by buffer overflow in the stack. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...

8.4CVSS5.8AI score0.01573EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/04/04 12:0 a.m.17 views

The vulnerability of the PHP programming language module exif_thumbnail_extract, related to integer overflow, allows attackers to cause a service failure.

The vulnerability of the exifthumbnailextract module in the PHP programming language is related to a numerical overflow in the buffer-based queue. Exploiting this vulnerability can allow an attacker to cause service failures...

7.5CVSS6.5AI score0.08975EPSS
Exploits1References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2019/03/12 12:0 a.m.17 views

The vulnerability of the component for implementing remote access to the desktop based on the VNC protocol in the Astra Linux operating system, related to the incorrect use of flags during compilation, allows a hacker to trigger a service failure.

The vulnerability of the component for implementing remote access to the desktop based on the VNC protocol in the Astra Linux operating system is related to the incorrect use of flags during compilation. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

5.3CVSS5.5AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/03/12 12:0 a.m.17 views

The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system allows a hacker to circumvent security policies set by the system, due to configuration errors in the password policies for user domain accounts.

The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system is related to configuration errors in password policies, which result in the lack of checks to ensure that the specified restrictions on user domain account passwords are met...

6.5CVSS5.4AI score
Exploits0References1
Total number of security vulnerabilities5000