Lucene search
K
Bdu FstecMost viewed

90336 matches found

BDU FSTEC
BDU FSTEC
added 2022/10/20 12:0 a.m.12 views

The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.

The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...

10CVSS6.7AI score0.0083EPSS
Exploits0References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/10/18 12:0 a.m.12 views

The vulnerability in the web interface of Cisco Expressway micro-programming software and Cisco TelePresence Video Communication Server micro-programming device management software allows a attacker to perform a CSRF attack.

The vulnerability in the web interface of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server control devices is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a...

7.8CVSS5.4AI score0.00615EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/10/03 12:0 a.m.12 views

The vulnerability of the LibXfont library lies in the improper definition of symbolic links before accessing the file, allowing attackers to trigger a service failure.

The vulnerability of the LibXfont library is related to the incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability allows an attacker to cause service failures...

5.5CVSS6.4AI score0.0042EPSS
Exploits0References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.12 views

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model, allowing a perpetrator to gain access to read data and modify it.

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...

6.8CVSS6.9AI score0.00551EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.12 views

The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process, which allows attackers to escalate their privileges.

The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

9CVSS7.2AI score0.01825EPSS
Exploits1References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows a intruder to execute arbitrary code.

The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to the use of an untrusted indicator. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.8CVSS7.6AI score0.00288EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W allows a perpetrator to execute arbitrary commands or cause service failures.

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W arises from the copying of buffers without checking the size of the input data during the processing of user fields in incoming HTTP packets. Exploiting...

6.5CVSS7.5AI score0.01081EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.12 views

The vulnerability of the Horner Automation Cscape EnvisionRV software lies in insufficient validation of input data, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Horner Automation Cscape EnvisionRV software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

9.3CVSS7AI score0.00685EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.12 views

The vulnerability of the MiUI mobile operating system in devices like Redmi Note 11 and Redmi Note 9T, related to writing beyond the buffer in memory, allows a hacker to trigger a service failure.

The vulnerability of the mobile operating system MIUI is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.8CVSS7.7AI score0.06935EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.12 views

The vulnerability of Microsoft Excel editors, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Excel editors is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

7.3CVSS7.3AI score0.00767EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.12 views

The vulnerability of the VMware Workspace One Access application management platform, the VMware Identity Manager administration console, and the VMware vRealize Automation virtual infrastructure management tools is related to deficiencies in access control. This allows a malicious individual to elevate their privileges to the root level.

The vulnerabilities of the VMware Workspace One Access application management platform, the VMware Identity Manager administration console, and the VMware vRealize Automation virtual infrastructure management tools are related to deficiencies in access control. Exploiting these vulnerabilities ca...

7.8CVSS7.8AI score0.01062EPSS
Exploits3References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/05 12:0 a.m.12 views

The vulnerability of the Open Plug and Play (PnP) microprogramming software module of Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. This vulnerability allows a hacker to execute arbitrary commands in the basic operating system.

The vulnerability of the Open Plug and Play PnP microprogramming software for Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands on the operating...

10CVSS8.4AI score0.02877EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.12 views

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software allows a intruder to execute any command they desire.

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

10CVSS8.2AI score0.03158EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/27 12:0 a.m.12 views

The default installation configuration “[webserver] secret_key” of the Airflow data processing software’s creation, monitoring, and orchestration tools makes it possible for a malicious individual to gain unauthorized access to an external web server.

The vulnerability of the default installation configuration “webserver secretkey” in software for creating, monitoring, and orchestrating Airflow data processing scenarios is related to the use of pre-installed credentials. Exploiting this vulnerability could allow an attacker, operating remotely...

7.7CVSS7.2AI score0.23336EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/07/26 12:0 a.m.12 views

The vulnerability in the web interface for managing device information on the Cisco Common Services Platform Collector allows a attacker to carry out cross-site scripting attacks.

The vulnerability in the web interface for collecting device information on the Cisco Common Services Platform Collector exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a...

6.4CVSS6.2AI score0.00685EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.12 views

The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njsvmcodeinterpreter function src/njsvmcode.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

5.5CVSS5.9AI score0.00613EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to inadequate access control mechanisms. This allows a malicious individual to complete any process within the system.

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to complete any process within the system remotely...

6.8CVSS5.6AI score0.00741EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.

The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...

7.8CVSS8.1AI score0.00782EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool allows a perpetrator to trigger a service failure.

The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

7.7CVSS6.8AI score0.00951EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center allows a perpetrator to execute an SSRF attack.

The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

7.5CVSS6.5AI score0.71169EPSS
Exploits1References4Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the ssh_command function in the web interface for managing Roxy-wi servers allows a hacker to execute arbitrary code.

The vulnerability of the sshcommand function in the web interface for managing Roxy-wi servers is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.49937EPSS
Exploits3References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers, related to bypassing the authentication process using capture-replay techniques for intercepted parameters, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers lies in the ability to bypass the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability allows a malicious actor to trigger malfunctio...

7.6CVSS7.5AI score0.01146EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability in the implementation of diagnostic commands and the import of operating systems for Fireware devices used in network security solutions like WatchGuard Firebox and XTM allows attackers to upload and download arbitrary files.

The vulnerability of the diagnostic commands and the import functions of Fireware operating systems for network security devices like WatchGuard Firebox and XTM lies in the possibility of these commands being exploited. Exploiting this vulnerability allows a malicious actor to upload and download...

7.8CVSS7.6AI score0.01242EPSS
Exploits2References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the QTS operating system, specifically the QuTS Hero operating system, is related to the lack of protective measures for website structures. This allows attackers to compromise the confidentiality and integrity of information.

The vulnerability of the QTS operating system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of information...

6.1CVSS6.6AI score0.00706EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules allows a hacker to gain access to the device by intercepting the authentication token.

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules is related to an incorrect expiration time of the session. Exploiting this vulnerability can allow attackers to gain access to the device by intercepting the authentication...

9.1CVSS7.7AI score0.00918EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.12 views

The vulnerability of the Teamcenter product lifecycle management system lies in the improper restriction of XML references to external objects, which allows attackers to perform XXE attacks.

The vulnerability of the Teamcenter product lifecycle management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform XXE attacks remotely...

7.8CVSS7.1AI score0.00964EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a attacker to trigger a service failure.

The vulnerability of the Core server component of Oracle WebLogic Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions using network T3/IIOP protocols...

7.8CVSS6.9AI score0.01303EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the OGG Core Library, a data stream management tool from Oracle GoldenGate, allows a hacker to gain full control over the application.

The vulnerability of the OGG Core Library, a data stream management tool of Oracle GoldenGate, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application...

8.8CVSS7.6AI score0.00308EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service disruption.

The vulnerability of Oracle Banking Trade Finance’s Infrastructure component is related to errors in the code. Exploiting this vulnerability allows a malicious actor to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service interruptions through...

6.1CVSS6.8AI score0.00609EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the Financial Gateway component of the PeopleSoft Enterprise FIN Cash Management software allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Financial Gateway component of the PeopleSoft Enterprise FIN Cash Management software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify data using specially...

5.4CVSS6.6AI score0.00498EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/08 12:0 a.m.12 views

The vulnerability of the MultipartStream.java file in the Apache Commons FileUpload library allows a hacker to induce a service failure.

The vulnerability of the MultipartStream.java file in the Apache Commons FileUpload library is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure by manipulating the Content-Type header created by the...

7.5CVSS6.6AI score0.83175EPSS
Exploits8References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/06/07 12:0 a.m.12 views

The vulnerability of the Business Logic Infra SEC component of the JD Edwards EnterpriseOne Tools system for managing enterprise resources allows a perpetrator to gain access to data or cause service interruptions.

The vulnerability of the Business Logic Infra SEC component of the JD Edwards EnterpriseOne Tools system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to gain read access to data or cause service failures through HTTP requests...

8.5CVSS7.5AI score0.02089EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/05/20 12:0 a.m.12 views

Microsoft Edge’s vulnerability, related to security configuration errors, allows attackers to escalate their privileges.

The vulnerability of Microsoft Edge is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

7.5CVSS7.1AI score0.01307EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/05/13 12:0 a.m.12 views

The vulnerability of the Kerberos KDC component of the Active Directory service for Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Kerberos KDC component of the Active Directory catalog service on Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

9CVSS7.9AI score0.83277EPSS
Exploits8References4
BDU FSTEC
BDU FSTEC
added 2022/04/21 12:0 a.m.12 views

The vulnerability of the web interface of Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P allows attackers to elevate their privileges to the root level.

The vulnerability of the web interface of Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P routers is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to elevate their privileges to the root level...

9.3CVSS7.3AI score0.04598EPSS
Exploits0References3Affected Software8
BDU FSTEC
BDU FSTEC
added 2022/04/21 12:0 a.m.12 views

The vulnerability of the microprogramming software check function for Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P allows attackers to install and load malicious software or execute unsigned binary files on vulnerable devices.

The vulnerability of the microprogramming software-based image verification function in Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P routers is related to improper verification of the cryptographic signature. Exploiting this vulnerability can allow...

9.3CVSS7.7AI score0.09203EPSS
Exploits0References4Affected Software9
BDU FSTEC
BDU FSTEC
added 2022/04/21 12:0 a.m.12 views

The vulnerability of the ext/session/session.c component in the PHP programming language allows a attacker to cause a service failure or potentially cause other effects.

The vulnerability of the ext/session/session.c component of the PHP programming language interpreter is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause service interruptions or potentially cause other adverse effects...

10CVSS7.5AI score0.0548EPSS
Exploits0References13Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/15 12:0 a.m.12 views

The vulnerability of the FortiOS operating system’s signature verification function allows a hacker to execute arbitrary code.

The vulnerability of the FortiOS operating system’s signature verification function is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created installation images...

9.3CVSS8.4AI score0.0144EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/06 12:0 a.m.12 views

Vulnerabilities of functions mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable in TLS and SSL protocol implementations. These vulnerabilities allow attackers to access confidential data.

The vulnerabilities of functions mbedtlsecpcheckpubpriv, mbedtlspkparsekey, mbedtlspkparsekeyfile, mbedtlsecpmul, and mbedtlsecpmulrestartable in TLS and SSL protocols involve information disclosure due to inconsistencies. Exploiting these vulnerabilities allows a remote attacker to gain access t...

5.3CVSS6AI score0.01264EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.12 views

Vulnerability of the Server: Optimizer component of the MySQL database management system, which allows a hacker to cause a service failure.

The vulnerability of the Server: Optimizer component of the MySQL database management system is related to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...

6.8CVSS6.4AI score0.02196EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/01 12:0 a.m.12 views

The vulnerability of the HTTP library for Rust Hyper, related to shortcomings in HTTP request processing, allows attackers to compromise data integrity.

The vulnerability of the HTTP library for Rust Hyper relates to the improper handling of requests with a “+” prefix in the Content-Length header. Exploiting this vulnerability allows an attacker to compromise data integrity...

5.3CVSS5.9AI score0.00886EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/01 12:0 a.m.12 views

The vulnerability of Xen hypervisors is related to deficiencies in authentication procedures. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of Xen hypervisors is related to deficiencies in the authentication process. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...

7.2CVSS6.6AI score0.00378EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/03/18 12:0 a.m.12 views

The vulnerability of the WLAN AutoConfig service in the Microsoft Windows operating system allows a hacker to gain increased privileges.

The vulnerability of the WLAN AutoConfig service in the Microsoft Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.3CVSS7.2AI score0.00734EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/03/09 12:0 a.m.12 views

The vulnerability of the Microsoft Exchange Server mail server, related to errors in code generation, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to errors in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS8.2AI score0.40789EPSS
Exploits3References3
BDU FSTEC
BDU FSTEC
added 2022/03/09 12:0 a.m.12 views

The vulnerability of the HTML code transformation module in Google Chrome and Microsoft Edge browsers allows a malicious actor to gain unauthorized access to protected information or cause service failures.

The vulnerability of the HTML parser module used by Google Chrome and Microsoft Edge browsers is related to security vulnerabilities in the handling of service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...

8.5CVSS7.1AI score0.00545EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/03/09 12:0 a.m.12 views

The vulnerability of the embedded software of NETGEAR routers such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the absence of measures to sanitize input data. This allows attackers to execute arbitrary commands.

The vulnerability of NETGEAR’s integrated routing software devices such as R7850, R7900P, R7960P, R8000, R8000P, RAX200, RAX75, RAX80, RBK752, RBK852, RBR750, RBR850, RBS750, and RBS850 lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to...

9CVSS8AI score0.01482EPSS
Exploits0References3Affected Software14
BDU FSTEC
BDU FSTEC
added 2022/03/09 12:0 a.m.12 views

The vulnerability of the File Manager API of Google Chrome allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the File Manager API in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information through a specially crafted HTML...

9.3CVSS7.7AI score0.00941EPSS
Exploits1References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/03/05 12:0 a.m.12 views

The vulnerability of the built-in software of NETGEAR routers such as LBR20, RBS50Y, RBR10, RBR20, RBR40, RBR50, RBS10, RBS20, RBS40, RBS50, RBK12, RBK20, RBK40, and RBK50 lies in the lack of measures to sanitize input data. This allows a malicious actor to execute arbitrary commands.

The vulnerability of NETGEAR’s integrated routing software, including models like LBR20, RBS50Y, RBR10, RBR20, RBR40, RBR50, RBS10, RBS20, RBS40, RBS50, RBK12, RBK20, RBK40, and RBK50, stems from the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attack...

9CVSS8AI score0.01604EPSS
Exploits0References3Affected Software14
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.12 views

The vulnerability of the threat detection mechanism for Microsoft Defender for IoT, related to improper code generation, allows a malicious actor to execute arbitrary code.

The vulnerability of the Microsoft Defender for IoT threat detection mechanism is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted request...

8.1CVSS8.2AI score0.01992EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/28 12:0 a.m.12 views

The vulnerability of the GlobalProtect for Windows endpoint protection software lies in the incorrect definition of the link before accessing the file. This allows attackers to escalate their privileges.

The vulnerability of the GlobalProtect for Windows endpoint protection software lies in the incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow attackers to increase their privileges...

7CVSS7.2AI score0.00276EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000