Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerability of the ConfigFileUpload() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the ConfigFileUpload function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

7.7CVSS7.1AI score0.00813EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerability of Microsoft Exchange Server servers, related to deficiencies in access control, allows attackers to increase their privileges.

The vulnerability of Microsoft Exchange Server is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8CVSS7.5AI score0.00571EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.12 views

The vulnerability of the Microsoft Windows Sysmon system service, related to access control deficiencies, allows attackers to escalate their privileges.

The vulnerability of the Microsoft Windows Sysmon system service is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS7.3AI score0.01082EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/11/17 12:0 a.m.12 views

The vulnerability of the BitLocker Device Encryption security function in Windows operating systems allows attackers to circumvent security restrictions.

The vulnerability of the BitLocker Device Encryption security function in Windows operating systems is related to security configuration errors. Exploiting this vulnerability could allow a hacker to circumvent security restrictions...

4.9CVSS6.4AI score0.03631EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/11/15 12:0 a.m.12 views

The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in the ability to read data beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.

The vulnerability of the CorelDRAW Graphics Suite formerly CorelDRAW graphic editor lies in the reading of data beyond the buffer boundaries in memory during the syntax analysis of EMF files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...

7.8CVSS7.8AI score0.00873EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/11/15 12:0 a.m.12 views

The vulnerability in the web interface for managing the Cisco AsyncOS operating system of the Cisco Email Security Appliance (ESA) security email system, the Cisco Secure Email and Web Manager content protection device, and the Cisco Secure Web Appliance (formerly Cisco Web Security Appliance (WSA)) web gateway allows a perpetrator to enhance their privileges.

The vulnerability in the web interface for managing the Cisco AsyncOS operating system of the Cisco Email Security Appliance ESA, the Cisco Secure Email and Web Manager, and the Cisco Secure Web Appliance formerly Cisco Web Security Appliance WSA relates to the use of a hard-coded cryptographic...

9CVSS7.6AI score0.00696EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/11/15 12:0 a.m.12 views

The vulnerability of the Cisco Email Security Appliance’s security system and the Cisco Secure Email and Web Manager, related to the failure to handle CRLF sequences in HTTP headers, allows attackers to perform attacks by splitting HTTP responses.

The vulnerability of the Cisco Email Security Appliance’s security system and the Cisco Secure Email and Web Manager devices relates to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a malicious actor to perform attacks by splitting HTTP responses using...

5.3CVSS5.9AI score0.00546EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/11/15 12:0 a.m.12 views

The vulnerability in the web interface of the Cisco BroadWorks CommPilot Application Software allows a attacker to perform an SSRF attack.

The vulnerability of the Cisco BroadWorks CommPilot Application Software’s web interface is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack using a specially crafted HTTP request...

7.7CVSS6.7AI score0.01873EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/28 12:0 a.m.12 views

The vulnerability of the Fortinet FortiNAC access control device lies in its lack of measures to protect the website structure, allowing attackers to execute cross-site scripting attacks.

The vulnerability of the Fortinet FortiNAC network access control device is related to the lack of protection for the website structure when processing the User ID parameter for the administrator. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.1CVSS6AI score0.01154EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/28 12:0 a.m.12 views

The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...

5.5CVSS5.6AI score0.00851EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/10/20 12:0 a.m.12 views

The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.

The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...

10CVSS6.7AI score0.0083EPSS
Exploits0References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/10/18 12:0 a.m.12 views

The vulnerability in the web interface of Cisco Expressway micro-programming software and Cisco TelePresence Video Communication Server micro-programming device management software allows a attacker to perform a CSRF attack.

The vulnerability in the web interface of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server control devices is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a...

7.8CVSS5.4AI score0.00615EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/09/30 12:0 a.m.12 views

The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software framework allows attackers to circumvent security restrictions.

The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to deficiencies in access control when processing the ‘action: prefix’ parameter. Exploiting this vulnerability allows an attacker to bypass security restrictions while operating...

7.2CVSS7.7AI score0.07457EPSS
Exploits1References5Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.12 views

The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process, which allows attackers to escalate their privileges.

The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

9CVSS7.2AI score0.01825EPSS
Exploits1References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.12 views

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model, allowing a perpetrator to gain access to read data and modify it.

The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...

6.8CVSS6.9AI score0.00551EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/07 12:0 a.m.12 views

The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System lies in the lack of authentication for the password change function, which allows unauthorized users to escalate their privileges.

The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System lies in the lack of authentication for the password change function. Exploiting this vulnerability could allow an attacker to gain increased privileges from a remote location...

10CVSS7.8AI score0.00807EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the getAttrValue function in D-Link DSL-3782 router microprogramming software, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.

The vulnerability of the getAttrValue function in D-Link DSL-3782 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

5.5CVSS8.3AI score0.01275EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the Vim text editor lies in the fact that an operation can be performed outside the buffer, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Vim text editor is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.8CVSS7.5AI score0.01792EPSS
Exploits1References16Affected Software9
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the Vim text editor lies in the fact that an operation can be performed outside the buffer, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Vim text editor is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.8CVSS7.6AI score0.01461EPSS
Exploits1References17Affected Software10
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows a intruder to execute arbitrary code.

The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to the use of an untrusted indicator. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.8CVSS7.6AI score0.00288EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service disruption.

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to create, delete, or alter access to critical data, gain read-only access to data, or cause a...

6.8CVSS6.9AI score0.00551EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/05 12:0 a.m.12 views

The vulnerability of the Microsoft Visual Studio software development tool and the Microsoft.NET Framework software platform lies in improper cleaning or release of resources, allowing a perpetrator to cause service failures.

The vulnerability of the Microsoft Visual Studio software development tool and the Microsoft.NET Framework software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS6.8AI score0.03306EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.12 views

The vulnerability of the Horner Automation Cscape EnvisionRV software lies in insufficient validation of input data, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Horner Automation Cscape EnvisionRV software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

9.3CVSS7AI score0.00685EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/30 12:0 a.m.12 views

The vulnerability of the netback driver for Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the netback driver for Linux operating systems is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

6.5CVSS6.6AI score0.00332EPSS
Exploits0References16Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.12 views

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for website structures, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

5.5CVSS5.3AI score0.68332EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.12 views

The vulnerability of the Adobe Framemaker desktop publishing system lies in its memory management after memory is freed, allowing an attacker to execute arbitrary code.

The vulnerability of the desktop publishing system Adobe Framemaker relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious file...

7.8CVSS7.6AI score0.0043EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/22 12:0 a.m.12 views

The vulnerability of PDFTron software components, used by Autodesk for modeling, design, and drafting, allows a hacker to execute arbitrary code.

The vulnerability of PDFTron software components, used by Autodesk for modeling, design, and drawing tasks, involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during PDF file analysis...

9.3CVSS7.7AI score0.00727EPSS
Exploits0References3Affected Software12
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.12 views

The vulnerability of the MiUI mobile operating system in devices like Redmi Note 11 and Redmi Note 9T, related to writing beyond the buffer in memory, allows a hacker to trigger a service failure.

The vulnerability of the mobile operating system MIUI is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.8CVSS7.7AI score0.06935EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.12 views

The vulnerability of Microsoft Excel editors, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Excel editors is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...

7.3CVSS7.3AI score0.00767EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.12 views

The vulnerability of the PAN-OS operating system, related to errors in configuring URL filtering policies, allows a perpetrator to trigger a Denial-of-Service Attack (RDoS).

The vulnerability of the PAN-OS operating system is related to errors in configuring URL filtering policies. Exploiting this vulnerability can allow a malicious actor to perform a Denial-of-Service Attack RDoS...

8.6CVSS7.6AI score0.02041EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/05 12:0 a.m.12 views

The vulnerability of the Open Plug and Play (PnP) microprogramming software module of Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. This vulnerability allows a hacker to execute arbitrary commands in the basic operating system.

The vulnerability of the Open Plug and Play PnP microprogramming software for Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands on the operating...

10CVSS8.4AI score0.02877EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.12 views

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software allows a intruder to execute any command they desire.

The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

10CVSS8.2AI score0.03158EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/27 12:0 a.m.12 views

The default installation configuration “[webserver] secret_key” of the Airflow data processing software’s creation, monitoring, and orchestration tools makes it possible for a malicious individual to gain unauthorized access to an external web server.

The vulnerability of the default installation configuration “webserver secretkey” in software for creating, monitoring, and orchestrating Airflow data processing scenarios is related to the use of pre-installed credentials. Exploiting this vulnerability could allow an attacker, operating remotely...

7.7CVSS7.2AI score0.23336EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/07/26 12:0 a.m.12 views

The vulnerability in the web interface for managing device information on the Cisco Common Services Platform Collector allows a attacker to carry out cross-site scripting attacks.

The vulnerability in the web interface for collecting device information on the Cisco Common Services Platform Collector exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a...

6.4CVSS6.2AI score0.00685EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.12 views

The vulnerability of the Apache Tomcat application server’s Realm implementation, related to information disclosure due to mismatches, allows attackers to determine all existing user names.

The vulnerability of the Apache Tomcat application server’s Realm implementation is related to the exposure of information through mismatches. Exploiting this vulnerability allows a remote attacker to discover all existing user names...

5.9CVSS6.5AI score0.07991EPSS
Exploits0References21Affected Software10
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.12 views

The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server allows a hacker to cause a service failure.

The vulnerability of the njsvmcodeinterpreter function src/njsvmcode.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

5.5CVSS5.9AI score0.00628EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center allows a perpetrator to execute an SSRF attack.

The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

7.5CVSS6.5AI score0.71169EPSS
Exploits1References4Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the network software for social games and heroiclabs/nakama applications relates to insufficient restrictions on authentication attempts, allowing a perpetrator to gain unauthorized access to protected information.

The vulnerability of the network software for social games and heroiclabs/nakama applications is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8CVSS7.2AI score0.01468EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the ssh_command function in the web interface for managing Roxy-wi servers allows a hacker to execute arbitrary code.

The vulnerability of the sshcommand function in the web interface for managing Roxy-wi servers is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.49937EPSS
Exploits3References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to inadequate access control mechanisms. This allows a malicious individual to complete any process within the system.

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to complete any process within the system remotely...

6.8CVSS5.6AI score0.00741EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers, related to bypassing the authentication process using capture-replay techniques for intercepted parameters, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers lies in the ability to bypass the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability allows a malicious actor to trigger malfunctio...

7.6CVSS7.5AI score0.01146EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.

The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...

7.8CVSS8.1AI score0.00782EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the QTS operating system, specifically the QuTS Hero operating system, is related to the lack of protective measures for website structures. This allows attackers to compromise the confidentiality and integrity of information.

The vulnerability of the QTS operating system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of information...

6.1CVSS6.6AI score0.00706EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the OAS Engine SecureAddUser function in the platform for data transmission between devices and applications allows a perpetrator to gain unauthorized access to the system.

The vulnerability of the OAS Engine SecureAddUser function on the platform for data transfer between devices and applications is related to the lack of authentication checks for this critical function. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized...

7.8CVSS7.2AI score0.01208EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules allows a hacker to gain access to the device by intercepting the authentication token.

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules is related to an incorrect expiration time of the session. Exploiting this vulnerability can allow attackers to gain access to the device by intercepting the authentication...

9.1CVSS7.7AI score0.00918EPSS
Exploits0References2Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.12 views

The vulnerability of the modular interface between web servers and web applications in Rack, related to improper neutralization of special elements used in operating system commands, allows attackers to execute arbitrary shell commands on the target system.

The vulnerability of the modular interface between web servers and web applications in Rack is related to improper input validation during data processing. This issue occurs when data is transmitted through the intermediate software Rack Lint and CommonLogger. Exploiting this vulnerability allows...

10CVSS7.1AI score0.01801EPSS
Exploits0References10Affected Software9
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.12 views

The vulnerability of the Teamcenter product lifecycle management system lies in the improper restriction of XML references to external objects, which allows attackers to perform XXE attacks.

The vulnerability of the Teamcenter product lifecycle management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform XXE attacks remotely...

7.8CVSS7.1AI score0.00964EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through HTTP...

7.8CVSS7.2AI score0.01785EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service disruption.

The vulnerability of Oracle Banking Trade Finance’s Infrastructure component is related to errors in the code. Exploiting this vulnerability allows a malicious actor to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service interruptions through...

6.1CVSS6.8AI score0.00609EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.12 views

The vulnerability of the Financial Gateway component of the PeopleSoft Enterprise FIN Cash Management software allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Financial Gateway component of the PeopleSoft Enterprise FIN Cash Management software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify data using specially...

5.4CVSS6.6AI score0.00498EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000