Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.16 views

The vulnerability of the mp_unescape03() function in the Mplayer media player, related to writing beyond the memory boundaries, allows a hacker to cause a service failure.

The vulnerability of the mpunescape03 function in the Mplayer media player is related to writing beyond the memory boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS5.9AI score0.00344EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/04 12:0 a.m.16 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, which allows an attacker to execute XSS attacks.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...

5.5CVSS5.5AI score0.00502EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/01 12:0 a.m.16 views

The vulnerability of the file /view/systemConfig/reboot/reboot_commit.php in the Ruijie RG-UAC router microprogramming system allows a attacker to execute arbitrary commands.

The vulnerability of the file /view/systemConfig/reboot/rebootcommit.php in the Ruijie RG-UAC router microprogramming system exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to...

6.5CVSS6.9AI score0.09681EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.16 views

The vulnerability of the BPMSoft web application is related to deficiencies in access control, which allows attackers to increase their privileges within the system.

The vulnerability of the BPMSoft web application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges within the system...

6.1CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/09 12:0 a.m.16 views

The vulnerability in the `src/media_tools/avilib.c` file of the multimedia platform GPAC allows a hacker to execute arbitrary code.

The vulnerability in the src/mediatools/avilib.c file of the multimedia platform GPAC is related to the ability to write beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS8.3AI score0.01121EPSS
Exploits1References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/03/05 12:0 a.m.16 views

The vulnerability of the Apache InLong data integration platform lies in its reliance on files and directories accessible from external parties, allowing attackers to execute arbitrary code.

The vulnerability of the Apache InLong data integration platform lies in the use of files and directories accessible to external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a malicious actor to execute...

7.8CVSS7.6AI score0.01247EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.16 views

The vulnerability of the user registration function of the XWiki Platform allows a perpetrator to execute arbitrary code.

The vulnerability of the user registration function of the XWiki Platform is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.1AI score0.9348EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/12/14 12:0 a.m.16 views

The vulnerability in the set of tools for developing software to create Sentry-Javascript web applications arises from insufficient validation of incoming requests. This allows a hacker to perform an SSRF attack.

The vulnerability of the Sentry-Javascript software development tool for creating web applications is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

9.4CVSS6.8AI score0.00631EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/21 12:0 a.m.16 views

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of other software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe, are related to improper verification of cryptographic signatures. This allows attackers to increase their privileges.

The vulnerabilities of the BIG-IP Access Policy Manager, as well as of software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibili...

7.8CVSS7.2AI score0.00146EPSS
Exploits0References3Affected Software20
BDU FSTEC
BDU FSTEC
added 2023/09/12 12:0 a.m.16 views

The vulnerability of the Redis database management system lies in the insecure management of privileges, allowing attackers to gain unauthorized access to keys that are clearly not authorized by the ACL configuration.

The vulnerability of the Redis database management system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to gain unauthorized access to keys that are clearly not authorized by the ACL configuration...

5.5CVSS6.4AI score0.0034EPSS
Exploits0References6Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/08/23 12:0 a.m.16 views

The vulnerability of Google Chrome’s Autofill function for Android allows attackers to circumvent existing security restrictions.

The vulnerability of Google Chrome’s Autofill function for Android relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions through a specially created HTML page...

6.5CVSS5.9AI score0.00762EPSS
Exploits0References6Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/08/15 12:0 a.m.16 views

The vulnerability of the Ffmpeg multimedia library in Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of the Ffmpeg multimedia library in the Google Chrome browser is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially crafted HTML page from a remote location...

10CVSS8.1AI score0.01252EPSS
Exploits1References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.16 views

The vulnerability of the drm_mode_setcrtc() function in the drivers/gpu/drm/drm_crtc.c file of the DRM driver for the Astra Linux Special Edition operating system allows a hacker to gain access to confidential data, compromise its integrity, and cause service failure.

The vulnerability of the drmmodesetcrtc function in the drivers/gpu/drm/drmcrtc.c file of the DRM driver for the Astra Linux Special Edition operating system is related to access and manipulation of dynamically allocated uninitialized memory. Exploiting this vulnerability could allow an attacker ...

8.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/30 12:0 a.m.16 views

The vulnerability of the built-in software of the ARIS controller, related to access control errors, allows a intruder to increase their privileges within the system.

The vulnerability of the built-in software of the ARIS controller is related to access control errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to increase their privileges within the system...

9CVSS5.5AI score
Exploits0Affected Software10
BDU FSTEC
BDU FSTEC
added 2023/05/04 12:0 a.m.16 views

The vulnerability of the SQL ODBC plugin for the cross-platform development framework for Qt software allows a hacker to induce a service failure.

The vulnerability of the SQL ODBC plugin for the cross-platform development framework for Qt software relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures by using specially created data...

7.8CVSS6.7AI score0.0132EPSS
Exploits0References16Affected Software7
BDU FSTEC
BDU FSTEC
added 2023/04/27 12:0 a.m.16 views

The vulnerability of the shared host device Bluetooth function with VMware Workstation and VMware Fusion allows a attacker to execute arbitrary code.

The vulnerability of the shared-host Bluetooth device function with VMware Workstation and VMware Fusion lies in the possibility of buffer overflow attacks based on the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

9.3CVSS8.2AI score0.02036EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/04/13 12:0 a.m.16 views

The vulnerability of the Ruby interpreter’s Time library allows a hacker to cause a service failure.

The vulnerability of the Ruby interpreter’s Time library relates to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS7AI score0.02452EPSS
Exploits0References13Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.16 views

The vulnerability in the web interface for managing microprogramming software used in IPTV and VoD services, NetUP IPTV Combine, allows attackers to bypass security restrictions and gain increased privileges.

The vulnerability in the web-based administration interface of microprogramming software for IPTV and VoD services, NetUP IPTV Combine, is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain increase...

10CVSS5.5AI score
Exploits0References1Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.16 views

The vulnerability of the message exchange component of the system for loading user files in the Apex-VUZ education automation system allows a perpetrator to upload any files onto the server.

The vulnerability of the message exchange component of the system for loading user files in the Apex-VUZ education automation system is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to load malicious files onto the server...

10CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/17 12:0 a.m.16 views

The vulnerability of the Apex-VUZ education automation system, related to the use of strictly encrypted user data, allows a perpetrator to gain full access to the software environment.

The vulnerability of the Apex-VUZ education automation system is related to the use of strictly encrypted user data. Exploiting this vulnerability could allow a malicious actor to gain full access to the software environment...

10CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/30 12:0 a.m.16 views

The vulnerability of the InnoDB component of the MySQL Database Server allows a perpetrator to gain unauthorized access for reading, modifying, or deleting data, or to cause service failures.

The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, or to cause service failures...

7.5CVSS6.4AI score0.00817EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.16 views

The vulnerability in the driver/driver/video/fbdev/smscufx.c file of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the driver/driver/video/fbdev/smscufx.c file of Linux operating systems is related to the state of the race when a USB device is detected during the call to open. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.2CVSS6.6AI score0.00309EPSS
Exploits0References32Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/12/12 12:0 a.m.16 views

The vulnerability of Moxa VPORT 06EC-2V IP camera software and Moxa VPort 461A video encoder software lies in the reading of data beyond the buffer in memory. This allows an intruder to gain unauthorized access to protected information or cause a service failure.

The vulnerability of Moxa VPORT 06EC-2V microprogrammed software for IP cameras and the Moxa VPort 461A microprogrammed software for video encoders lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

10CVSS5.7AI score
Exploits0References1Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.16 views

The vulnerabilities of the merge, mergeWith, and defaultsDeep functions in the Lodash library allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the merge, mergeWith, and defaultsDeep functions in the Lodash library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

6.8CVSS6.1AI score0.01553EPSS
Exploits2References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.16 views

The vulnerability of the QPDF::processXRefStream function in the command-line utility for converting QPDF documents allows a attacker to cause a service failure.

The vulnerability of the QPDF::processXRefStream command-line utility for converting PDF documents is related to the lack of resource release after the expiration of its useful period. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS6.1AI score0.0068EPSS
Exploits1References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.16 views

The vulnerabilities of embedded images of microprogrammed control systems for DeltaV M-series/S-series/P-series controllers, as well as the DeltaV/Ovation SIS emergency protection system, allow attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of embedded images of microprogrammed control systems for DeltaV M-series/S-series/P-series controllers, as well as of the emergency protection system DeltaV/Ovation SIS, is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a maliciou...

7.8CVSS5.5AI score0.00149EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.16 views

The vulnerability of the Inter-controller protocol implementation in Honeywell’s programmable logic controllers’ microprogramming software arises from the transmission of PIN codes, user names, and passwords as plain text. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Inter-controller protocol implementation for Honeywell programmable logic controllers involves the transmission of PIN codes, user names, and passwords as plain text. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protect...

7.8CVSS5.5AI score0.00218EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/06/02 12:0 a.m.16 views

The vulnerability of the SCADA system “SKADA-NEV” lies in the unencrypted storage of critical information in memory, allowing attackers to gain access to user account data.

The vulnerability of the SCADA system “SKADA-NEV” is related to the unencrypted storage of critical information in memory. Exploiting this vulnerability can allow an intruder to gain access to user account data...

7.8CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/28 12:0 a.m.16 views

The vulnerability of Huawei HG532 Wi-Fi routers’ microprogramming software lies in insufficient validation of input data, allowing a hacker to execute arbitrary codes.

The vulnerability of Huawei HG532 Wi-Fi routers’ microprogramming software is related to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted malware packets through port 37215...

10CVSS8.4AI score0.7861EPSS
Exploits2References8
BDU FSTEC
BDU FSTEC
added 2022/04/14 12:0 a.m.16 views

The vulnerability of the svx_read_header() function in the audio file reading and writing library libsndfile allows a attacker to cause a service denial.

The vulnerability of the svxreadheader function in the audio file reading and writing library libsndfile is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS5.8AI score
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.16 views

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function is related to the lack of a mechanism for converting data types. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

9.3CVSS7.6AI score0.01632EPSS
Exploits1References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.16 views

The vulnerability of the Adobe XMP-Toolkit-SDK software, related to reading beyond the buffer in memory, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Adobe XMP-Toolkit-SDK lies in the creation of temporary files with insecure permissions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5.5CVSS6.5AI score0.0217EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.16 views

The vulnerability of the software for implementing the hypertext environment MediaWiki allows a perpetrator to compromise the integrity of the data.

The vulnerability of the software for implementing the hypertext environment MediaWiki is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the data...

7.8CVSS6.6AI score0.01943EPSS
Exploits1References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.16 views

The vulnerability of the convolution_y_10bit function in the Ffmpeg multimedia library, related to buffer overflow in memory, allows a hacker to cause a service failure.

The vulnerability of the convolutiony10bit function in the Ffmpeg multimedia library is related to buffer overflow in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

6.5CVSS6.8AI score0.01081EPSS
Exploits1References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/01/04 12:0 a.m.16 views

The vulnerability of Google Chrome’s web storage mechanism, which allows a hacker to circumvent existing security restrictions

The vulnerability of Google Chrome browser-based web storage is caused by synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to bypass existing security restrictions remotely...

10CVSS5.4AI score0.02653EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/22 12:0 a.m.16 views

The vulnerability of the Ethernet software solutions WISE-4060, Adam-6050 D, and Adam.NET Utility lies in the lack of authentication attempt limits, allowing attackers to gain full access to the device.

The vulnerability of the Microprogrammed Ethernet module WISE-4060, Adam-6050 D, and Adam.NET Utility is related to the absence of authentication attempt limits. Exploiting this vulnerability can allow a malicious actor to gain full access to the device remotely...

10CVSS5.5AI score
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/14 12:0 a.m.16 views

The vulnerability of OPPO’s 5G router, related to the insecure storage of confidential information, allows a intruder to gain unauthorized access to protected data.

The vulnerability of OPPO’s 5G router is related to the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS5.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.16 views

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik, related to deficiencies in access control, allows a intruder to gain access to the device.

The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in access control. Exploiting this vulnerability can allow an intruder to gain access to the device...

6.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.16 views

The vulnerability of the microprogrammed logic controller ioLogik software, related to insufficient requirements for password complexity, allows a hacker to obtain user passwords by brute-force methods.

The vulnerability of the microprogrammed logic controller ioLogik software is related to insufficient requirements for the complexity of passwords. Exploiting this vulnerability allows a malicious actor to manually select user passwords using brute-force methods...

10CVSS5.3AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/10 12:0 a.m.16 views

The vulnerability of the WinRAR file archiver, related to the retransmission of requests to the malicious domain, allows a hacker to execute an ARP spoofing attack.

The vulnerability of the WinRAR file archiver is related to the way requests are redirected to the malicious domain when loading the dynamic library mshtml.dll. Exploiting this vulnerability allows a perpetrator to execute an “ARP spoofing” attack using a specially created malware file...

3.4CVSS5.6AI score
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/08/06 12:0 a.m.16 views

The vulnerability of the cloud-based video conversion, annotation, and format conversion application for Adobe Prelude involves an operation that goes beyond buffer boundaries into memory, allowing attackers to execute arbitrary code.

The vulnerability of the cloud-based video conversion, annotation, and format conversion application for Adobe Prelude lies in the execution of operations beyond the buffer boundaries in memory when processing media files. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

10CVSS8AI score0.02425EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/08/05 12:0 a.m.16 views

The vulnerability of the Zabbix universal monitoring system, related to deficiencies in access control, allows a intruder to bypass the authentication process on the administrator panel.

The vulnerability of the Zabbix universal monitoring system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass the administrative panel’s authentication process by sending specially crafted requests...

10CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/18 12:0 a.m.16 views

The vulnerability of the implementation of the VXLAN technology by Juniper Networks’ Modular Port Concentrator devices for Junos OS-based MX routers allows a attacker to cause a service failure.

The vulnerability of the VXLAN technology implemented by Juniper Networks’ Modular Port Concentrator for Junos OS routers of the MX series is related to insufficient checking of unusual or exceptional states when using the LACP protocol. Exploiting this vulnerability can allow a malicious actor t...

6.5CVSS6.6AI score0.00404EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.16 views

The vulnerability of Visual Studio Code’s source editor, related to improper code generation management, allows a hacker to execute arbitrary code.

The vulnerability of Visual Studio Code’s source editor is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and completely compromise the system using a specially created file...

9.3CVSS7.6AI score0.52751EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/04/13 12:0 a.m.16 views

The vulnerability of the AVEVA Enterprise Data Management Web (eDNA Web) software platform, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL commands.

The vulnerability of the AVEVA Enterprise Data Management Web eDNA Web software platform is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

9.6CVSS6AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.16 views

The vulnerability of the webvrpcs component allows for privilege escalation in the software of the remote monitoring system, Advantech WebAccess. This enables a perpetrator to increase their privileges.

The vulnerability of the webvrpcs component in software for remote monitoring by Advantech WebAccess relates to insecure management of privileges. Exploiting this vulnerability can allow attackers to elevate their own privileges...

7.8CVSS7.4AI score0.00547EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/01/28 12:0 a.m.16 views

The vulnerability of the parse_args() function in the Sudo system administration program allows a malicious user to elevate their privileges to root level.

The vulnerability of the parseargs function in Sudo system administration software is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

7.8CVSS7.5AI score0.99295EPSS
Exploits81References32Affected Software10
BDU FSTEC
BDU FSTEC
added 2020/11/30 12:0 a.m.16 views

The vulnerability of the web application of the enterprise automation system 1C:Enterprise lies in the lack of measures taken to protect the website structure, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the 1C:Enterprise web application lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted requests...

5.5CVSS5.2AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/19 12:0 a.m.16 views

The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box allows a hacker to trigger a maintenance failure.

The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box devices is related to an operation where data escapes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...

6.8CVSS6AI score0.01216EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/04/16 12:0 a.m.16 views

The vulnerability of the Server:Optimizer component of the MySQL database management system allows a hacker to cause a service failure.

The vulnerability of the Server:Optimizer component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using specially crafted network packets...

6.8CVSS6.3AI score0.02248EPSS
Exploits0References8Affected Software4
Total number of security vulnerabilities5000