Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2021/11/12 12:0 a.m.11 views

The vulnerability of HMI/SCADA systems like xArrow arises from the possibility of running them with unverified registry keys with application-level privileges. This allows attackers to bypass existing security restrictions and enhance their privileges.

The vulnerability of HMI/SCADA systems like xArrow stems from the ability to execute commands through unverified registry keys with application-level privileges. Exploiting this vulnerability allows attackers to bypass existing security restrictions and enhance their privileges...

5.6CVSS7.3AI score0.0025EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/12 12:0 a.m.11 views

The vulnerability of the File Transfer Protocol (FTP) implementation and the NAT functions of the Application Layer Gateway (ALG) in microprogrammable network devices such as Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to circumvent security restrictions and establish unauthorized connections.

The vulnerability of the File Transfer Protocol FTP implementation and the Network Address Translation NAT function of the Application Layer Gateway ALG in microprogrammable network devices such as Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to...

5CVSS5.9AI score0.011EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/11/10 12:0 a.m.11 views

The vulnerability of the Address Book component of the Microsoft Outlook client, which allows attackers to perform spoofing attacks

The vulnerability of the Address Book component in the Microsoft Outlook email client is related to insufficient validation of addresses in headers. Exploiting this vulnerability could allow attackers, operating remotely, to carry out spam attacks using externally similar IDN domains...

7.5CVSS5.5AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/10/15 12:0 a.m.11 views

The vulnerability of the Media Foundation Dolby Digital Atmos Decoders in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Media Foundation Dolby Digital Atmos Decoders in the Windows operating system is related to improper code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

9CVSS7.7AI score0.02383EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.11 views

The vulnerability of the Bluetooth Classic platform for software development, developed by Zhuhai Jieli AC6366C BT SDK, stems from insufficient validation of input data. This allows attackers to trigger service failures.

The vulnerability of the Bluetooth Classic platform used for software development by Zhuhai Jieli AC6366C BT SDK exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through the created LMP packe...

6.5CVSS6.6AI score0.00688EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.11 views

Vulnerability of operating systems macOS, watchOS, iOS, and iPadOS, related to initialization errors, allowing attackers to disclose sensitive information

The vulnerabilities of operating systems macOS, watchOS, iOS, and iPadOS are related to initialization errors. Exploiting these vulnerabilities can allow attackers to disclose sensitive information that is protected by security measures...

5.5CVSS6.9AI score0.1652EPSS
Exploits2References12Affected Software4
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.11 views

The vulnerability of the Visual Composer browser-based modeling tool of the SAP NetWeaver software integration platform allows a perpetrator to escalate their privileges, execute arbitrary commands, or cause service interruptions.

The vulnerability of the Visual Composer browser-based modeling tool of the SAP NetWeaver software integration platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow a remote attacker to enhance their privileges, execute arbitrary commands, or cau...

9.9CVSS7.9AI score0.37149EPSS
Exploits1References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.11 views

The vulnerability in the VMI web interface of vCenter Server Appliance, a management tool for VMware vCenter Server virtual infrastructure, allows an attacker to gain unauthorized access to protected information.

The vulnerability in the VCenter Server Management Interface of the VMware vCenter Server web interface relates to deficiencies in system security restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending a specially crafte...

7.5CVSS7.6AI score0.01339EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.11 views

The vulnerability of the configuration parameters `proto-max-bulk-len` and `client-query-buffer-limit` of the Redis database management system allows a hacker to execute arbitrary code.

The vulnerability of the Redis database management system’s configuration parameters, proto-max-bulk-len and client-query-buffer-limit, is related to the possibility of integer overflow in the buffer. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

7.5CVSS6.9AI score0.03688EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.11 views

The vulnerability of the isotp_setsockopt function in the net/can/isotp.c component of the Linux kernel, which relates to the use of memory after it is freed, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the isotpsetsockopt function in the net/can/isotp.c component of the Linux kernel is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...

7.8CVSS6.4AI score0.00418EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/09/10 12:0 a.m.11 views

The vulnerability of the ssh_form.php script, a monitoring tool for the functions and status of Advantech R-SeeNet routers, allows a hacker to execute arbitrary code.

The vulnerability of the sshform.php script, a monitoring tool for the functions and status of Advantech R-SeeNet routers, exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

6.1CVSS7.5AI score0.14115EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2021/09/10 12:0 a.m.11 views

The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, related to access control deficiencies, allows an attacker to gain access to confidential internal services through an external interface.

The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential internal services through an external...

8.3CVSS7.5AI score0.00402EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/08 12:0 a.m.11 views

The vulnerability of the PopojiCMS content management system arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary web or HTML scripts.

The vulnerability in the /admin.php?mod=user&act=addnew function of the PopojiCMS content management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary web or HTML scripts by using a special...

6.1CVSS6.7AI score0.00782EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/08 12:0 a.m.11 views

The vulnerability of the Microsoft Dynamics 365 Business Central and integrated enterprise management system for small and medium-sized businesses lies in the lack of security measures for the website structure. This allows attackers to perform cross-site scripting attacks.

The vulnerability of the Microsoft Dynamics 365 Business Central and integrated enterprise management system relates to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created...

5.8CVSS6AI score0.0095EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/07 12:0 a.m.11 views

The vulnerability of the mailboxd component (Autodiscover/Autodiscover.xml) in the Zimbra Collaboration Suite enterprise email management system allows a hacker to execute an XXE attack.

The vulnerability of the mailboxd component Autodiscover/Autodiscover.xml in the Zimbra Collaboration Suite enterprise email management system is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to execute an XXE atta...

10CVSS7.9AI score0.99986EPSS
Exploits4References8
BDU FSTEC
BDU FSTEC
added 2021/08/19 12:0 a.m.11 views

The vulnerability of the graphical interface (GDM/GNOME3) of the ROSA KOBALT operating system, which allows a perpetrator to increase their privileges

The vulnerability of the graphical interface GDM/GNOME3 of the ROSA KOBALT operating system is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to gain increased privileges...

4.7CVSS5.5AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/08/18 12:0 a.m.11 views

The vulnerability of the Adobe Framemaker desktop publishing system, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Framemaker desktop publishing system lies in the writing of code beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

8.8CVSS7.9AI score0.03966EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/08/18 12:0 a.m.11 views

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, as well as Adobe Acrobat 2017 and Adobe Acrobat Reader 2017, are related to memory usage after it is released. These vulnerabilities allow attackers to gain unauthorized access to protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to gain...

7.5CVSS7.5AI score0.04477EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.11 views

The vulnerability of the Mozilla Thunderbird email client, related to insufficient validation of input data, allows a hacker to execute arbitrary code.

The vulnerability of Mozilla Thunderbird’s email client is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in an MITM Man-In-The-Middle scenario by sending an arbitrary IMAP command...

6.5CVSS7.4AI score0.012EPSS
Exploits0References11Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.11 views

The vulnerability of the __cil_verify_classperms() function in the SELinux access control system allows a perpetrator to trigger a service failure.

The vulnerability of the cilverifyclassperms function in the SELinux access control system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to trigger a service failure...

5.5CVSS6.4AI score0.00453EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.11 views

The vulnerability of the MagickCore/visual-effects.c file, a set of programs for reading and editing ImageMagisk files, arises from the lack of zero-division checking. This allows an attacker to trigger a service failure.

The vulnerability of the MagickCore/visual-effects.c file, a set of programs for reading and editing ImageMagisk files, is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause service interruptions...

7.1CVSS6.7AI score0.01199EPSS
Exploits0References13Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/07/15 12:0 a.m.11 views

The vulnerability of the _maliciousfilename function in the Archive_Tar class of the PHP classes in the PEAR library allows a malicious actor to execute arbitrary PHP code.

The vulnerability of the maliciousfilename function in the ArchiveTar class of the PHP classes in the PEAR library is related to the restoration of a unreliable data structure in memory. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code using a specially crafted .tar...

8.8CVSS7.6AI score0.47493EPSS
Exploits2References10Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/07/15 12:0 a.m.11 views

The vulnerability of several functions in libscp_v0.c allows an attacker to access confidential information or cause service failures, due to buffer overflows in the stack of the RDP server xrdp.

The vulnerability of several functions in libscpv0.c affects the RDP server xrdp. It involves buffer overflow in the data stack buffer. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...

7.8CVSS7.5AI score0.02404EPSS
Exploits0References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/07/08 12:0 a.m.11 views

The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.

The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...

7.8CVSS7.3AI score0.02267EPSS
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/07/06 12:0 a.m.11 views

The vulnerability of the `inotify_update_existing_watch()` function in the Linux kernel’s `fs/notify/inotify/inotify_user.c` file, related to a lack of memory release mechanism, allows a malicious actor to trigger a service failure.

The vulnerability of the inotifyupdateexistingwatch function in the fs/notify/inotify/inotifyuser.c file of the Linux operating system’s kernel is related to a lack of memory release mechanism. Exploiting this vulnerability allows an attacker to trigger a service failure...

5.5CVSS6.5AI score0.00417EPSS
Exploits0References17Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.11 views

The vulnerability of the Lodash application library of Aurora Center lies in the failure to take measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.

The vulnerability of the Lodash application library in Aurora Software Solutions relates to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

7.2CVSS7.3AI score0.2241EPSS
Exploits2References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/06/09 12:0 a.m.11 views

The vulnerability of the yargs-parser library in application software of Aurora Center involves uncontrolled changes to object prototypes’ attributes, allowing attackers to execute “prototype pollution” attacks.

The vulnerability of the yargs-parser library in application software developed by Avora Center relates to uncontrolled changes to object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype compromise” attack...

5.3CVSS6.8AI score0.00514EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/04 12:0 a.m.11 views

The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems arises from copying buffers without checking the size of the input data. This allows a malicious actor to trigger an emergency shutdown of the system.

The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch SCADA systems relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to cause damage to multiple stack frames and re-write...

2.9CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/06/02 12:0 a.m.11 views

The vulnerability of the Exim message transfer agent, related to privilege management errors, allows a hacker to elevate their privileges within the system.

The vulnerability of the Exim message transfer agent is related to privilege management errors. Exploiting this vulnerability can allow an attacker to elevate privileges within the system by sending the file’s PID...

6.1CVSS7.3AI score0.00948EPSS
Exploits1References16Affected Software6
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.11 views

The vulnerability of Linux operating system’s kernel-based PI futex components, which allows a hacker to execute arbitrary code at the kernel level

The vulnerability of Linux operating system’s kernel PI futexes relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code at the kernel level...

7.8CVSS7AI score0.01377EPSS
Exploits1References28Affected Software6
BDU FSTEC
BDU FSTEC
added 2021/05/12 12:0 a.m.11 views

The vulnerability of the Apache OFBiz resource planning software lies in its ability to restore unreliable data in memory, allowing an attacker to execute arbitrary code.

The vulnerability of Apache OFBiz’s resource planning software lies in its ability to restore unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted request...

9CVSS8.2AI score0.81079EPSS
Exploits2References10Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/12 12:0 a.m.11 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

6CVSS6.7AI score0.00351EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.11 views

The vulnerability of Qualcomm’s software, related to deficiencies in access control, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Qualcomm’s software is related to deficiencies in access control. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS7.4AI score0.00958EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.11 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

5.3CVSS6.5AI score0.00687EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.11 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.1CVSS6.8AI score0.00373EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/05 12:0 a.m.11 views

The vulnerability of Microprogramming Software for Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to writing beyond the buffer boundaries, allowing attackers to trigger a system reboot or cause service failure.

The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot or caus...

8.6CVSS7.4AI score0.01656EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.11 views

The vulnerability of Containerd’s execution environment, related to the lack of a mechanism for storing registration data, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of Containerd’s execution environment is related to improper processing of the image manifest file. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information...

6.1CVSS6.6AI score0.02209EPSS
Exploits1References11Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.11 views

The vulnerability of the Node.js software platform, related to a bug in the resource consumption monitoring mechanism, allows a hacker to trigger a service failure.

The vulnerability of the Node.js software platform is related to the improper handling of a large number of requests sent to the unknownProtocol. Exploiting this vulnerability allows an attacker who operates remotely to cause service failures...

7.8CVSS6.9AI score0.77385EPSS
Exploits0References7Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/04/06 12:0 a.m.11 views

The vulnerability of the Node.js software platform, related to the presence of localhost6 in the white list, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Node.js software platform is related to the presence of localhost6 in the white list. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

7.5CVSS6.9AI score0.32362EPSS
Exploits1References12Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.11 views

The vulnerability of the Google Chrome browser’s presentation API involves the use of a memory area after it is freed. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Google Chrome browser’s presentation API relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...

9.3CVSS7.7AI score0.02296EPSS
Exploits0References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.11 views

The vulnerability of the Magento Commerce software development and management platform lies in its lack of measures to neutralize special elements used in the operating system, allowing attackers to execute arbitrary code.

The vulnerability of the Magento Commerce software development and management platform is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8CVSS7.8AI score0.02863EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.11 views

The vulnerability of the Windows Console Driver component of the Windows operating system, which allows a hacker to trigger a service failure

The vulnerability of the Windows Console Driver component of the operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

6.8CVSS5.9AI score0.01516EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.11 views

The vulnerability of the CheckList component of the Joomla! content management system allows a hacker to execute arbitrary SQL commands.

The vulnerability of the CheckList component in the Joomla! content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

10CVSS8.2AI score0.08708EPSS
Exploits5References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.11 views

The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.

The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...

7.8CVSS7.1AI score0.00604EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.11 views

The vulnerabilities of the 3D model rendering software programs Luxion KeyShot, Luxion KeyShot Viewer, Luxion KeyShot Network Rendering, and Luxion KeyVR allow attackers to execute arbitrary code.

The vulnerabilities of the 3D model rendering software programs Luxion KeyShot, Luxion KeyShot Viewer, Luxion KeyShot Network Rendering, and Luxion KeyVR are related to pointer assignment errors. Exploiting these vulnerabilities can allow attackers to execute arbitrary code...

7.8CVSS7.6AI score0.02164EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.11 views

The vulnerability of Adobe Illustrator 2021, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe Illustrator 2021 graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

10CVSS7.8AI score0.02249EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/03/02 12:0 a.m.11 views

The vulnerability of Cisco Webex Meetings’ software web interface allows attackers to carry out cross-site scripting attacks.

The vulnerability of Cisco Webex Meetings’ software web interface is related to deficiencies in neutralizing special characters. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.1CVSS6AI score0.00784EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/02/08 12:0 a.m.11 views

The vulnerability of the Windows operating system’s kernel, related to insecure management of privileges, allows attackers to elevate their own privileges.

The vulnerability of the Windows operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

7.8CVSS7.1AI score0.00647EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/02/08 12:0 a.m.11 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the vManage web interface of the Cisco SD-WAN program-defined network is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

6.8CVSS6.5AI score0.0141EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/02/08 12:0 a.m.11 views

The vulnerability of the components of the Cisco Email Security Appliance, a system for email security management, and the Cisco Content Security Management Appliance, a system for content security management, as well as the Cisco Web Security Appliance, an internet gateway, allows attackers to gain unauthorized access to protected information.

The vulnerability of the components of the Cisco Email Security Appliance, the Cisco Content Security Management Appliance, and the Cisco Web Security Appliance involves a lack of authentication token requirements. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...

5.3CVSS5.9AI score0.01142EPSS
Exploits0References2Affected Software3
Total number of security vulnerabilities5000