Lucene search
K
Bdu FstecMost viewed

90336 matches found

BDU FSTEC
BDU FSTEC
added 2023/01/20 12:0 a.m.12 views

The vulnerability of the CIFS file system’s arbitrary utility command, related to the lack of measures for cleaning input data, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the CIFS file system’s arbitrary utility command related to the lack of measures for cleaning input data. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

7CVSS6.5AI score0.00652EPSS
Exploits1References12Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/12/30 12:0 a.m.12 views

The vulnerability of the remote access tool for VMware Workspace ONE Assist exists due to the lack of security measures taken to protect the website structure. This allows attackers to carry out XSS attacks.

The vulnerability of the remote access tool for VMware Workspace ONE Assist exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

6.4CVSS7.2AI score0.00434EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/28 12:0 a.m.12 views

The vulnerability of Huawei FusionCube’s supervisor, related to incorrect restrictions on the path name to the restricted access catalog, allows a intruder to disclose protected information.

The vulnerability of Huawei FusionCube relates to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information through a specially crafted HTTP request...

7.8CVSS7.2AI score0.00828EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/24 12:0 a.m.12 views

The vulnerability of the Fax Compose Form component in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Fax Compose Form component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8CVSS7.3AI score0.00515EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

The vulnerability of the “Language” parameter in the web interface of the POWER METER SICAM Q100 microprogramming system allows a hacker to disable the device (with subsequent automatic reboot) or execute arbitrary code.

The vulnerability of the “Language” parameter in the web interface of the POWER METER SICAM Q100 microprogramming system for power measurement devices is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disable the device remotely, causing it to...

9CVSS7.3AI score0.01488EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

The vulnerability of the microprogramming software of the AMI MegaRAC Baseboard Management Controller (BMC) allows a intruder to gain full access to the device.

The vulnerability of the microprogramming software of the AMI MegaRAC Baseboard Management Controller BMC relates to the use of rigidly encrypted credentials. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full access to the device via SSH...

8.3CVSS8.2AI score0.00655EPSS
Exploits0References5Affected Software7
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

The vulnerability of the uapi_finalize() function in the drivers/infiniband/core/uverbs_uapi.c file of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the uapifinalize function in the drivers/infiniband/core/uverbsuapi.c file of the Linux kernel is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00214EPSS
Exploits0References12Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

The vulnerability of the UDF file system functionality in Linux operating systems allows a hacker to execute arbitrary code.

The vulnerability of the UDF file system functionality in Linux operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7.5AI score0.00282EPSS
Exploits0References21Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

The vulnerability in the driver drivers/usb/mon/mon_bin.c of Linux operating systems allows a hacker to execute arbitrary code.

The vulnerability in the driver drivers/usb/mon/monbin.c of Linux operating systems arises from the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7.4AI score0.00325EPSS
Exploits0References16Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

The vulnerability in the driver drivers/char/pcmcia/synclink_cs.c of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/char/pcmcia/synclinkcs.c file of Linux operating systems is related to the behavior during the removal of a PCMCIA device when the ioctl function is called. Exploiting this vulnerability could allow an attacker to cause a service failure...

4.2CVSS6.6AI score0.00243EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

The vulnerability of the jlink_init() function (monitor/jlink.c) in Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the jlinkinit function monitor/jlink.c in Linux operating systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00257EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.12 views

Vulnerability of the intr_callback() function (drivers/net/usb/r8152.c) in Linux operating system kernels, allowing a hacker to cause a service failure

The vulnerability of the intrcallback function drivers/net/usb/r8152.c in Linux operating systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.8CVSS6.6AI score0.02211EPSS
Exploits0References33Affected Software9
BDU FSTEC
BDU FSTEC
added 2022/11/22 12:0 a.m.12 views

The vulnerability of the Dict::find() function in the Dict.cc component of the Poppler PDF handling library allows a attacker to cause a service failure.

The vulnerability of the Dict::find function in the Dict.cc component of the Poppler PDF handling library is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using a specially created PDF file...

7.1CVSS6.9AI score0.02251EPSS
Exploits1References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/11/22 12:0 a.m.12 views

The vulnerability in the open-source development environment for UEFI EDK2, related to uncontrolled recursion, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of open-source development environments for UEFI EDK2 is related to uncontrolled recursion. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...

7.8CVSS6.2AI score0.00399EPSS
Exploits1References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerability of the ConfigFileUpload() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the ConfigFileUpload function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

7.7CVSS7.1AI score0.00813EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS8.5AI score0.01539EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerability of the Microsoft Windows Sysmon system service, related to access control deficiencies, allows attackers to escalate their privileges.

The vulnerability of the Microsoft Windows Sysmon system service is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.3AI score0.01082EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerabilities of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server are due to insufficient validation of input data. This allows attackers to disclose protected information.

The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to disclose sensitive information...

5.5CVSS6.5AI score0.00739EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerability of the Windows Scripting Languages component of the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Scripting Languages component of the Windows operating system exists due to insufficient checking of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.6CVSS8.1AI score0.01064EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/11/15 12:0 a.m.12 views

The vulnerability in the web interface of the Cisco BroadWorks CommPilot Application Software allows a attacker to perform an SSRF attack.

The vulnerability of the Cisco BroadWorks CommPilot Application Software’s web interface is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack using a specially crafted HTTP request...

7.7CVSS6.7AI score0.01873EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/28 12:0 a.m.12 views

The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...

5.5CVSS5.6AI score0.00851EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/10/28 12:0 a.m.12 views

The vulnerability of the Fortinet FortiNAC access control device lies in its lack of measures to protect the website structure, allowing attackers to execute cross-site scripting attacks.

The vulnerability of the Fortinet FortiNAC network access control device is related to the lack of protection for the website structure when processing the User ID parameter for the administrator. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.1CVSS6AI score0.01154EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/20 12:0 a.m.12 views

The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.

The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...

10CVSS6.7AI score0.0083EPSS
Exploits0References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/10/18 12:0 a.m.12 views

The vulnerability in the web interface of Cisco Expressway micro-programming software and Cisco TelePresence Video Communication Server micro-programming device management software allows a attacker to perform a CSRF attack.

The vulnerability in the web interface of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server control devices is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a...

7.8CVSS5.4AI score0.00615EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/10/03 12:0 a.m.12 views

The vulnerability of the LibXfont library lies in the improper definition of symbolic links before accessing the file, allowing attackers to trigger a service failure.

The vulnerability of the LibXfont library is related to the incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability allows an attacker to cause service failures...

5.5CVSS6.4AI score0.0042EPSS
Exploits0References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/09/30 12:0 a.m.12 views

The vulnerability of the JBIG2Stream::readTextRegionSeg() function in the JBIG2 decoder for PDF file rendering by Poppler allows a malicious actor to cause a service failure or execute arbitrary code.

The vulnerability of the JBIG2Stream::readTextRegionSeg function in the JBIG2 decoder for processing PDF files with Poppler is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure or execute arbitrary code by opening a specially created PDF...

7.8CVSS7.7AI score0.00574EPSS
Exploits1References22Affected Software8
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.12 views

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model, allowing a perpetrator to gain access to read data and modify it.

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...

6.8CVSS6.9AI score0.00551EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.12 views

The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process, which allows attackers to escalate their privileges.

The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

9CVSS7.2AI score0.01825EPSS
Exploits1References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows a intruder to execute arbitrary code.

The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to the use of an untrusted indicator. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.8CVSS7.6AI score0.00288EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W allows a perpetrator to execute arbitrary commands or cause service failures.

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W arises from the copying of buffers without checking the size of the input data during the processing of user fields in incoming HTTP packets. Exploiting...

6.5CVSS7.5AI score0.01081EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.12 views

The vulnerability of the Horner Automation Cscape EnvisionRV software lies in insufficient validation of input data, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Horner Automation Cscape EnvisionRV software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

9.3CVSS7AI score0.00685EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.12 views

The vulnerability of the MiUI mobile operating system in devices like Redmi Note 11 and Redmi Note 9T, related to writing beyond the buffer in memory, allows a hacker to trigger a service failure.

The vulnerability of the mobile operating system MIUI is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.8CVSS7.7AI score0.06935EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.12 views

The vulnerability of Microsoft Excel editors, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Excel editors is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

7.3CVSS7.3AI score0.00767EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.12 views

The vulnerability of the VMware Workspace One Access application management platform, the VMware Identity Manager administration console, and the VMware vRealize Automation virtual infrastructure management tools is related to deficiencies in access control. This allows a malicious individual to elevate their privileges to the root level.

The vulnerabilities of the VMware Workspace One Access application management platform, the VMware Identity Manager administration console, and the VMware vRealize Automation virtual infrastructure management tools are related to deficiencies in access control. Exploiting these vulnerabilities ca...

7.8CVSS7.8AI score0.01062EPSS
Exploits3References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/05 12:0 a.m.12 views

The vulnerability of the Open Plug and Play (PnP) microprogramming software module of Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. This vulnerability allows a hacker to execute arbitrary commands in the basic operating system.

The vulnerability of the Open Plug and Play PnP microprogramming software for Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands on the operating...

10CVSS8.4AI score0.02877EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.12 views

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software allows a intruder to execute any command they desire.

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

10CVSS8.2AI score0.03158EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/27 12:0 a.m.12 views

The default installation configuration “[webserver] secret_key” of the Airflow data processing software’s creation, monitoring, and orchestration tools makes it possible for a malicious individual to gain unauthorized access to an external web server.

The vulnerability of the default installation configuration “webserver secretkey” in software for creating, monitoring, and orchestrating Airflow data processing scenarios is related to the use of pre-installed credentials. Exploiting this vulnerability could allow an attacker, operating remotely...

7.7CVSS7.2AI score0.23336EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/07/26 12:0 a.m.12 views

The vulnerability in the web interface for managing device information on the Cisco Common Services Platform Collector allows a attacker to carry out cross-site scripting attacks.

The vulnerability in the web interface for collecting device information on the Cisco Common Services Platform Collector exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a...

6.4CVSS6.2AI score0.00685EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.12 views

The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njsvmcodeinterpreter function src/njsvmcode.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

5.5CVSS5.9AI score0.00613EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to inadequate access control mechanisms. This allows a malicious individual to complete any process within the system.

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to complete any process within the system remotely...

6.8CVSS5.6AI score0.00741EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.

The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...

7.8CVSS8.1AI score0.00782EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool allows a perpetrator to trigger a service failure.

The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

7.7CVSS6.8AI score0.00951EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the ssh_command function in the web interface for managing Roxy-wi servers allows a hacker to execute arbitrary code.

The vulnerability of the sshcommand function in the web interface for managing Roxy-wi servers is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.49937EPSS
Exploits3References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers, related to bypassing the authentication process using capture-replay techniques for intercepted parameters, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers lies in the ability to bypass the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability allows a malicious actor to trigger malfunctio...

7.6CVSS7.5AI score0.01146EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the QTS operating system, specifically the QuTS Hero operating system, is related to deficiencies in pathname restriction, which allows attackers to compromise the confidentiality of information.

The vulnerability of the QTS operating system is related to deficiencies in pathname restriction. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of information...

5.3CVSS6.2AI score0.00888EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the QTS operating system, specifically the QuTS Hero operating system, is related to the lack of protective measures for website structures. This allows attackers to compromise the confidentiality and integrity of information.

The vulnerability of the QTS operating system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of information...

6.1CVSS6.6AI score0.00706EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules allows a hacker to gain access to the device by intercepting the authentication token.

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules is related to an incorrect expiration time of the session. Exploiting this vulnerability can allow attackers to gain access to the device by intercepting the authentication...

9.1CVSS7.7AI score0.00918EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability in the implementation of diagnostic commands and the import of operating systems for Fireware devices used in network security solutions like WatchGuard Firebox and XTM allows attackers to upload and download arbitrary files.

The vulnerability of the diagnostic commands and the import functions of Fireware operating systems for network security devices like WatchGuard Firebox and XTM lies in the possibility of these commands being exploited. Exploiting this vulnerability allows a malicious actor to upload and download...

7.8CVSS7.6AI score0.01242EPSS
Exploits2References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.12 views

The vulnerability of the Teamcenter product lifecycle management system lies in the improper restriction of XML references to external objects, which allows attackers to perform XXE attacks.

The vulnerability of the Teamcenter product lifecycle management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform XXE attacks remotely...

7.8CVSS7.1AI score0.00964EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system allows a perpetrator to gain access to data reading or cause a partial service disruption.

The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or cause partial service interruption...

6.1CVSS6.8AI score0.00609EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000