Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/06 12:0 a.m.11 views

The vulnerability of the Override View function in the Apache OFBiz resource planning software allows a hacker to execute arbitrary code.

The vulnerability of the Override View function in the Apache OFBiz enterprise resource planning software is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests remotely...

10CVSS8.5AI score0.99427EPSS
Exploits10References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.11 views

The vulnerability of the Microprogramming Software of Supermicro BMC controllers, related to the execution of operations outside the buffer in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Microprogrammed Software of Supermicro controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.5CVSS5.9AI score0.00152EPSS
Exploits0References4Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.11 views

The vulnerability of the Custom Actions component in the software support services of Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus allows a attacker to execute XSS attacks.

The vulnerability of the Custom Actions component in the software support services of Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus exists due to the lack of protective measures for the website structure. Exploiting this...

4CVSS5.4AI score0.01908EPSS
Exploits0References2Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.11 views

The vulnerability of the Updater component of the Google Chrome browser, which allows a hacker to escalate their privileges.

The vulnerability of the Updater component in Google Chrome browser is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

10CVSS7.5AI score0.00175EPSS
Exploits1References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/24 12:0 a.m.11 views

The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.

The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...

6.8CVSS7.1AI score0.00524EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.11 views

The vulnerability of the Packet Forwarding Engine (PFE) mechanism in Juniper Networks’ Junos OS operating systems of the QFX5000 Series, EX4100 Series, EX4400 Series, and EX4650 Series devices allows a attacker to cause service interruptions.

The vulnerability of the Packet Forwarding Engine PFE mechanism in Juniper Networks’ Junos OS for devices in the QFX5000 Series, EX4100 Series, EX4400 Series, and EX4650 Series models is related to insufficient spatial partitioning. Exploiting this vulnerability can allow a malicious actor to cau...

6.5CVSS5.4AI score0.00289EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.11 views

The vulnerability of the microprogramming software of the ICU device and the iSTAR Pro door controller allows a intruder to carry out a “machine-in-the-midden” attack.

The vulnerability of the ICU tool and the iSTAR Pro door controller is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a remote attacker to execute a “midair attack”...

9.4CVSS5.7AI score0.00586EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/07/17 12:0 a.m.11 views

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in improper code generation, allowing attackers to execute arbitrary code.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted .md files...

7.5CVSS6AI score0.01726EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/17 12:0 a.m.11 views

The vulnerability of the Web Services Dynamic Discovery (WS-Discovery) protocol in Windows operating systems allows a perpetrator to cause a service failure.

The vulnerability of the Web Services Dynamic Discovery WS-Discovery protocol in Windows operating systems is related to improper handling of the absence of a specific element. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS5.4AI score0.01905EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/07/15 12:0 a.m.11 views

The vulnerability of the Azure DevOps Server software lies in the lack of protective measures for the website structure, allowing attackers to perform spear-phishing attacks.

The vulnerability of the Azure DevOps Server development tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow attackers to perform spear-phishing attacks remotely...

8.7CVSS5.4AI score0.01582EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/06/21 12:0 a.m.11 views

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows a perpetrator to execute arbitrary code on the target system.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using a specially created HTML page...

10CVSS8.1AI score0.00924EPSS
Exploits0References15Affected Software7
BDU FSTEC
BDU FSTEC
added 2024/06/17 12:0 a.m.11 views

The vulnerability of the ath12k_htt_mlo_offset_event_handler() function in Qualcomm Technologies’ Linux-based Wi-Fi 7 driver allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the ath12khttmlooffseteventhandler function in the drivers/net/wireless/ath/ath12k/dprx.c file of the Qualcomm Technologies Wi-Fi 7 kernel for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an...

7.8CVSS5.5AI score0.00238EPSS
Exploits0References10Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/06/14 12:0 a.m.11 views

The vulnerability of Acquia DAM, a platform for organizing and managing digital assets, stems from lack of access control. This allows attackers to trigger service interruptions.

The vulnerability of Acquia DAM, a platform for organizing and managing digital assets, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...

7.8CVSS5.5AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/06/14 12:0 a.m.11 views

The vulnerability of the gpio_chrdev_release() function in the Linux kernel driver for GPIO operations allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the gpiochrdevrelease function in the drivers/gpio/gpiolib-cdev.c file of the Linux kernel’s GPIO driver is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker to compromise the...

7CVSS6.8AI score0.00178EPSS
Exploits0References19Affected Software5
BDU FSTEC
BDU FSTEC
added 2024/06/07 12:0 a.m.11 views

The vulnerability of TP-Link Omada er605 microcontroller-based software is caused by buffer overflow in the stack, allowing an attacker to execute arbitrary code.

The vulnerability of TP-Link Omada er605 microprogramming software is caused by buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.9AI score0.00815EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2024/05/28 12:0 a.m.11 views

The vulnerability of controllers for hypervisor storage in VMware ESXi, VMware Workstation, and VMware Fusion allows a hacker to execute arbitrary code.

The vulnerability of storage controller devices in VMware ESXi, VMware Workstation, and VMware Fusion lies in the ability to read/write data beyond the allowed range. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.1CVSS7.8AI score0.00163EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/05/24 12:0 a.m.11 views

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system allows a intruder to re-record any files in the system.

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the validation of input data during the processing of sequence bypasses for directories. Exploiting this vulnerability allows a malicious actor to re-record any files in the system...

7.7CVSS5.5AI score0.00908EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/17 12:0 a.m.11 views

The vulnerability of the SSL-VPN portal for FortiOS operating systems and the proxy server used to protect against internet attacks by FortiProxy allows attackers to send packets from arbitrary IP addresses.

The vulnerability of the SSL-VPN portal for FortiOS operating systems and the FortiProxy proxy server used for protecting against internet attacks is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to send packets from arbitrary IP...

5CVSS5.6AI score0.00288EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.11 views

The vulnerability of the mtk_spi_interrupt() function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the mtkspiinterrupt function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.01176EPSS
Exploits0References26Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/05/13 12:0 a.m.11 views

The vulnerability of the web server of the microprogramming software for asynchronous servers Moxa NPort 5100A allows a hacker to increase their privileges.

The vulnerability of the web server of Moxa NPort 5100A microprogramming software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

8.3CVSS5.4AI score0.00381EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/02 12:0 a.m.11 views

The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to integer overflow, allows an attacker to execute arbitrary code.

The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic sorting library is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

10CVSS8.2AI score0.02415EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/05/02 12:0 a.m.11 views

Vulnerability of the Server component: The Information Schema of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.

Vulnerability of the Server component: The information schema of the Oracle MySQL Server database management system is related to improper cleaning or release of resources. Exploiting this vulnerability may allow a malicious actor to cause service interruptions remotely...

5.3CVSS6.3AI score0.00976EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.11 views

The vulnerability of the downloader.php plugin of the WordPress Automatic Plugin system for website content management allows a attacker to perform an SSRF attack.

The vulnerability of the downloader.php plugin in the WordPress Automatic Plugin system for website content management involves insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

10CVSS7.8AI score0.72953EPSS
Exploits2References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/23 12:0 a.m.11 views

The vulnerability of the secondscreen.gateway service on the LG WebOS operating system for LG TVs allows a hacker to create a privileged user account.

The vulnerability of the secondscreen.gateway service on the LG WebOS operating system for LG TVs involves exploiting a authentication mechanism by modifying configuration settings. Exploiting this vulnerability allows an attacker to create a privileged user account remotely...

7.2CVSS8AI score0.01078EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/23 12:0 a.m.11 views

The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system allows a hacker to execute arbitrary commands on behalf of the dbus user.

The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a malicious acto...

9.1CVSS8.1AI score0.0392EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/10 12:0 a.m.11 views

The vulnerability of the expr_delete_term() function in the YASM assembler allows a hacker to trigger a service failure.

The vulnerability of the exprdeleteterm function in the YASM assembler is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a perpetrator to cause a service failure...

5.5CVSS5.5AI score0.00416EPSS
Exploits1References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/04/09 12:0 a.m.11 views

The vulnerability of the extension of the Wikibase software for implementing the MediaWiki hypertext environment allows a hacker to cause a service failure.

The vulnerability of the extension of the Wikibase software for implementing the MediaWiki hypertext environment is related to the lack of speed limits on the merging of elements. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.2AI score0.00508EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/04/09 12:0 a.m.11 views

The vulnerability of the ApiPageSet.php file of the software for implementing the MediaWiki hypertext environment allows a hacker to cause a service failure.

The vulnerability of the ApiPageSet.php file of the software for implementing the MediaWiki hypertext environment is related to an unlimited loop. When requesting this file, a RequestTimeoutException occurs, and the request is redirected to other options with specified redirections and converted...

7.8CVSS7.1AI score0.22699EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/04/09 12:0 a.m.11 views

The vulnerability of embedded Qualcomm microprogramming software, related to the lack of a data type conversion mechanism, allows attackers to execute arbitrary code.

The vulnerability of embedded software developed for Qualcomm chips lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS7.9AI score0.00107EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/04/08 12:0 a.m.11 views

The vulnerability of TP-Link Omada ER605 VPN router’s microprogramming software arises from the lack of measures taken to eliminate special elements used in the operating system’s command set. This vulnerability allows a hacker to execute arbitrary code in the root user context.

The vulnerability of TP-Link Omada ER605 VPN router’s microprogramming software exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root user’s...

7.2CVSS7.2AI score0.00973EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/04/08 12:0 a.m.11 views

The vulnerability of the oghttp-codec in the Envoy proxy server allows a hacker to trigger a service failure.

The vulnerability of the oghttp-codec in the implementation of the HTTP/2 protocol in the Envoy proxy is related to an error during request submission when exceeding the header size limit. This occurs due to the absence of the ENDHEADERS flag during the processing of CONTINUATION messages...

7.8CVSS7.5AI score0.86746EPSS
Exploits1References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/04/08 12:0 a.m.11 views

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in its ability to disclose information through a server error message, allowing an intruder to expose the protected information.

The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the disclosure of information through a server error message. Exploiting this vulnerability allows an attacker to remotely disclose the protected information...

5.3CVSS5.9AI score0.00376EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/18 12:0 a.m.11 views

The vulnerability of the formQuickIndex function in the /goform/QuickIndex file of the Tenda AC18 router’s microprogramming system allows a hacker to escalate their privileges.

The vulnerability of the formQuickIndex function in the /goform/QuickIndex module of the Tenda AC18 router’s microprogramming system relates to the ability to read data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to enhance their privileges ...

9CVSS7.9AI score0.01563EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/12 12:0 a.m.11 views

The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices stems from the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.

The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

5.8CVSS7.5AI score0.01108EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/02/27 12:0 a.m.11 views

The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. This allows a malicious user to lock out the user from accessing their account.

The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. Exploiting this vulnerability could allow a malicious actor to remotely block a user’s access to their account...

3.7CVSS5.5AI score0.00771EPSS
Exploits0References35Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/02/20 12:0 a.m.11 views

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.3AI score0.01484EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/02/20 12:0 a.m.11 views

The vulnerability of the Windows operating system’s kernel, which allows a hacker to bypass security restrictions

The vulnerability of the Windows operating system’s kernel is related to security configuration errors. Exploiting this vulnerability can allow a hacker to bypass security restrictions...

5.5CVSS6.6AI score0.00423EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/02/19 12:0 a.m.11 views

The vulnerability of the correctMkdir component in the npm package manager allows a attacker to circumvent existing security restrictions.

The vulnerability of the correctMkdir component in the npm package manager is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

7.8CVSS7.2AI score0.00327EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/02/19 12:0 a.m.11 views

The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.1CVSS8.3AI score0.26899EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/02/14 12:0 a.m.11 views

The vulnerability of the XWiki Platform, which exists due to the lack of measures to neutralize special elements, allows a violator to gain unauthorized access to any arbitrary page.

The XWiki platform is vulnerable because special elements are not being eliminated from it. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to any arbitrary page...

9.9CVSS7.7AI score0.01144EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/14 12:0 a.m.11 views

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

9CVSS8AI score0.71143EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.11 views

The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.

The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to perform an “HTTP request hijacking” attack...

6.5CVSS6.5AI score0.0102EPSS
Exploits1References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.11 views

The vulnerability of the microprogrammed software of the MELSEC WS0-GETH00200 programmable logic controllers, related to bypassing the authentication process, allows a intruder to circumvent the authentication mechanism.

The vulnerability of the microprogrammed software of the MELSEC WS0-GETH00200 programmable logic controllers is related to the bypassing of the authentication process. Exploiting this vulnerability allows an attacker to bypass the authentication process remotely...

5.9CVSS7.1AI score0.00755EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/02/05 12:0 a.m.11 views

The vulnerability of the Rapid SCADA system, related to the storage of passwords in an unencrypted form, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the SCADA system Rapid SCADA is related to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow a intruder to gain unauthorized access to protected information...

6.2CVSS5.9AI score0.0016EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/05 12:0 a.m.11 views

The vulnerability of the Rapid SCADA system, related to deficiencies in the error reporting mechanism, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the SCADA system Rapid SCADA is related to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by sending specially crafted requests...

5.3CVSS5.9AI score0.0041EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/02 12:0 a.m.11 views

The vulnerability of the DevmemIntMapPMR() function in the PowerVR GPU driver for Android and ChromeOS allows a hacker to execute arbitrary code and gain elevated privileges.

The vulnerability of the DevmemIntMapPMR function in the PowerVR GPU driver for Android and ChromeOS operating systems is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code and gain elevated privileges...

7.8CVSS8.1AI score0.00414EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/02 12:0 a.m.11 views

The vulnerabilities of microprogramming software in FeverWarn ESP32, FeverWarn RaspberryPi systems, and FeverWarn DataHub RaspberryPi, a system for centralized data storage and management, allow attackers to gain unauthorized access to protected information.

The vulnerability of the microprogramming software for thermal scanning systems—FeverWarn ESP32, FeverWarn RaspberryPi, and the centralized data storage and management system—FeverWarn DataHub RaspberryPi—is related to the absence of authentication procedures for critical functions during MQTT...

7.8CVSS7.2AI score0.00592EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/02/02 12:0 a.m.11 views

The vulnerability of the jas_image_decode() function in the JPC library, which allows an attacker to execute arbitrary code.

The vulnerability of the jasimagedecode function in the JPC library for the JasPer set is related to the issue where the operation exits the buffer boundaries during the processing of ICC profiles. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.1AI score0.00256EPSS
Exploits0References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/01/24 12:0 a.m.11 views

The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent operating system for Windows allows a malicious actor to escalate their privileges and execute arbitrary code.

The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent antivirus protection software for Windows operating systems is related to an incorrect definition of symbolic links before accessing a file. Exploiting this vulnerability can allow attackers to increase their...

7.8CVSS7.5AI score0.0031EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/01/24 12:0 a.m.11 views

The vulnerability of the devinfo interface in D-Link’s microprogrammed router software allows a intruder to gain unauthorized access to protected information.

The vulnerability of the devinfo interface in D-Link’s microprogrammed router software is related to insufficient protection of operational data during the processing of the area parameter. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information by...

5.3CVSS6.2AI score0.18195EPSS
Exploits1References3
Total number of security vulnerabilities5000