Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2024/12/27 12:0 a.m.10 views

The vulnerability of the `__lpass_get_dmactl_handle` function in the qcom component of the Linux operating system allows a hacker to induce a service failure.

The vulnerability of the lpassgetdmactlhandle function in the qcom component of the Linux operating system is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.2CVSS5.9AI score0.00234EPSS
Exploits0References12Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/12/27 12:0 a.m.10 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to memory-walking attacks, allows attackers to bypass ASLR protection and disclose the protected information.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to memory-walking attacks. Exploiting this vulnerability can allow an attacker to bypass ASLR protection and disclose the protected information...

5.5CVSS5.4AI score0.00322EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/27 12:0 a.m.10 views

The vulnerability of the Webmin CGI request handler allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the Webmin CGI request handler relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...

9.9CVSS8.5AI score0.32018EPSS
Exploits0References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/27 12:0 a.m.10 views

The vulnerability of the Substance 3D Painter software for creating textures and materials for 3D models arises from buffer overflows in the queue, allowing an attacker to execute arbitrary code.

The vulnerability of the Substance 3D Painter software for creating textures and materials for 3D models arises due to an overflow in the buffer area. Exploiting this vulnerability allows a hacker to execute arbitrary code using a specially created file...

7.8CVSS6.2AI score0.00403EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/27 12:0 a.m.10 views

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the possibility of writing beyond buffer boundaries during the processing of DOE files. This allows a hacker to execute arbitrary code.

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the issue of writing beyond buffer boundaries during the processing of DOE files. Exploiting this vulnerability allows attackers to execute arbitrary code by loading a specially crafted...

7.8CVSS6.2AI score0.00226EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/26 12:0 a.m.10 views

The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) and the FortiClient EMS Cloud cloud storage service lies in the lack of data cleaning measures at the management level. This allows attackers to execute arbitrary code.

The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS and the FortiClient EMS Cloud cloud storage service is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS5.9AI score0.01287EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/12/25 12:0 a.m.10 views

The vulnerabilities of the components of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allow attackers to gain unauthorized access to protected information.

The vulnerability of the components of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform lies in the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access...

3.7CVSS6.5AI score0.00651EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/12/25 12:0 a.m.10 views

The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) is related to a bug in pointer handling after memory release, allowing an attacker to execute arbitrary code.

The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to a bug in the handling of pointers after memory release during the processing of AcroForm objects. Exploiting this...

7.8CVSS7.6AI score0.00914EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.10 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

5.5CVSS5.9AI score0.00487EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/23 12:0 a.m.10 views

The vulnerability in the Profile Name field of the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows a attacker to perform XSS attacks.

The vulnerability of the Profile Name field in software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability cou...

5.5CVSS5.8AI score0.00551EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/20 12:0 a.m.10 views

The vulnerability of the Linux operating system’s kernel’s ipv6 component, which allows a hacker to trigger a service failure

The vulnerability of the ipv6 component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.7CVSS6.4AI score0.0027EPSS
Exploits0References45Affected Software6
BDU FSTEC
BDU FSTEC
added 2024/12/20 12:0 a.m.10 views

The vulnerability of the operating system for managing Synology Router Manager allows for cross-site scripting attacks, as a lack of security measures has been taken to protect the website structure. This vulnerability enables attackers to carry out cross-site scripting attacks.

The vulnerability of the Synology Router Manager operating system for managing network devices is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.5CVSS5.2AI score0.0026EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.10 views

The vulnerability of the formSetPortMapping function in the Tenda G3 wireless access point’s microprogramming software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the formSetPortMapping function in the Tenda G3 wireless access point’s microprogramming software lies in the fact that the operation exceeds the buffer boundaries in memory when processing parameters such as pPortMapIndex, pLanIP, pProtocl, and pWanid. Exploiting this...

9CVSS6.3AI score0.00531EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.10 views

The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Animate program for creating multimedia and computer animations is related to insufficient testing of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code...

7.8CVSS5.8AI score0.00426EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.10 views

The vulnerability of the application development environment and the Angular single-page application platform, related to improper code generation management, allows attackers to execute arbitrary code.

The vulnerability of the application development environment and the Angular single-page application platform is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.4AI score0.02257EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.10 views

The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems allows a hacker to increase their privileges.

The vulnerability of the Wireless Wide Area Network Service WwanSvc in Microsoft Windows operating systems is related to operations that go beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

6.8CVSS5.7AI score0.00812EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.10 views

The vulnerability of the WhatsUp Gold network infrastructure monitoring system, related to errors when using privileged application programming interfaces (APIs), allows a hacker to execute arbitrary code.

The vulnerability of the WhatsUp Gold network infrastructure monitoring system is related to errors when privileged application programming interfaces APIs are used. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS8.4AI score0.09504EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.10 views

The vulnerability of the IPerf3 network bandwidth measurement tool lies in the improper handling of test parameters sent to the server in JSON format. This allows a hacker to cause a service failure.

The vulnerability of the IPerf3 network bandwidth measurement tool is related to the improper processing of testing parameters sent to the server in JSON format. Exploiting this vulnerability can allow a remote attacker to cause service failures...

7.8CVSS6.6AI score0.00908EPSS
Exploits1References8Affected Software5
BDU FSTEC
BDU FSTEC
added 2024/12/16 12:0 a.m.10 views

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to trigger a service failure.

The vulnerability of Remote Desktop Services RDS for Windows operating systems is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions from a remote location...

7.8CVSS5.5AI score0.02587EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/13 12:0 a.m.10 views

The vulnerability of the Naumen Service Management Platform’s portal for automating business processes is related to the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.

The vulnerability of the Naumen Service Management Platform Naumen SMP Portal lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

8CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.10 views

The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Wireless Wide Area Network Service WwanSvc in Microsoft Windows operating systems is related to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

4.6CVSS5.7AI score0.00989EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/12 12:0 a.m.10 views

The vulnerability of the Remote Desktop Client for Windows operating systems, related to access control deficiencies, allows a perpetrator to execute arbitrary code.

The vulnerability of the Remote Desktop Client on Windows operating systems is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS8.4AI score0.01507EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/12/11 12:0 a.m.10 views

The vulnerability in the RMT_invite.cgi script of NETGEAR R7000 Wi-Fi routers allows a hacker to execute arbitrary commands.

The vulnerability in the RMTinvite.cgi script of NETGEAR R7000 Wi-Fi routers lies in the lack of data cleaning at the control level when processing the parameter devicename2. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

8.4CVSS5.8AI score0.09053EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/06 12:0 a.m.10 views

The vulnerability of the atob method in the universal monitoring system Zabbix allows attackers to compromise the integrity of the protected information.

The vulnerability of the atob method in the Zabbix universal monitoring system is related to access to a critical private variable through a publicly accessible method. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...

6.8CVSS6.6AI score0.00797EPSS
Exploits0References10Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/12/05 12:0 a.m.10 views

The vulnerability of the authentication mechanism of the XRDP remote access tool, which allows a intruder to gain unauthorized access

The vulnerability of the XRDP remote access authentication mechanism is related to deficiencies in the retry limit for authentication attempts, which is controlled by the MaxLoginRetry parameter set in the configuration file /etc/xrdp/sesman.ini. Exploiting this vulnerability allows a malicious...

10CVSS7.1AI score0.00602EPSS
Exploits0References10Affected Software5
BDU FSTEC
BDU FSTEC
added 2024/12/05 12:0 a.m.10 views

The vulnerability of the Puppet infrastructure automation tool and its startup application, Puppet Agent, relates to the insecure transfer of credentials. This allows a malicious individual to access confidential information.

The vulnerability of the Puppet infrastructure automation tool and its startup application, Puppet Agent, is related to the insecure transfer of credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...

10CVSS7.7AI score0.01328EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/12/04 12:0 a.m.10 views

The vulnerability of SketchUp Viewer, a 3D design and architectural drafting software, arises from the possibility of an operation exceeding the buffer in memory. This allows attackers to execute arbitrary code.

The vulnerability of SketchUp Viewer, a 3D design and architectural drafting software, lies in the escape from buffer boundaries during the processing of SKP files. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8CVSS7.7AI score0.0034EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/12/04 12:0 a.m.10 views

The vulnerability of the management software for Keycloak’s identification and access controls is related to the use of pre-set user accounts. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Keycloak identity and access management software relates to the use of pre-set user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

5.9CVSS5.5AI score0.00937EPSS
Exploits0References9Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.10 views

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 lies in the absence of authentication for a critical function. This allows attackers to circumvent security restrictions, gain unauthorized access to protected information, or cause service failures.

The vulnerability of the microprogrammed software in industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent...

9CVSS7.2AI score0.00463EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.10 views

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500, related to the storage of passwords in an open manner, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the storage of passwords in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access ...

9CVSS7.2AI score0.00608EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/11/29 12:0 a.m.10 views

The vulnerability of the monitoring tool for VMware Aria Operations, related to the lack of protective measures for the website structure, allows attackers to execute cross-site scripting attacks (XSS).

The vulnerability of the monitoring tool for VMware Aria Operations is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...

8CVSS7.5AI score0.00408EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/27 12:0 a.m.10 views

The vulnerability of the driver for the imon component (drivers/media/rc/imon.c) in Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the driver for the imon component drivers/media/rc/imon.c in Linux operating systems is related to an incorrect binding of the interface to the driver due to insufficient validation of input data. Exploiting this vulnerability can allow a perpetrator to cause service failures...

5.5CVSS5.9AI score0.00241EPSS
Exploits0References20Affected Software5
BDU FSTEC
BDU FSTEC
added 2024/11/27 12:0 a.m.10 views

The vulnerability of the qd_check_sync() function in the imon component of Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the qdchecksync function in the imon component of Linux operating systems is related to an uncontrolled, exploitable condition. Exploiting this vulnerability could allow a attacker to cause a service failure...

5.5CVSS6.1AI score
Exploits0References15Affected Software10
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protection for the SQL query structure, allowing attackers to execute arbitrary SQL queries.

The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

9CVSS5.9AI score0.00781EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of microprogrammed software in industrial routers of the SCALANCE M-800 family (including S615, MUM-800, and RM1224) arises from incorrect restrictions on path names in the limited-access catalog, allowing attackers to influence the integrity of the system.

The vulnerability of microprogrammed software in industrial routers of the SCALANCE M-800 family including S615, MUM-800, and RM1224 is related to incorrect restrictions on path names in the limited-access catalog. Exploiting this vulnerability can allow a malicious actor to influence the integri...

5CVSS7.4AI score0.00265EPSS
Exploits0References3Affected Software18
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response solutions lies in the lack of data cleansing at the control level, allowing attackers to execute arbitrary commands.

The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response involves a lack of data cleansing measures at the control level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...

6.5CVSS8.3AI score0.01234EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

A vulnerability in the web interface for managing SINEC INS software, which manages network infrastructure, exists. This vulnerability is related to an incorrect session expiration time, allowing attackers to maintain a session after deleting the account.

The vulnerability in the web interface for managing SINEC INS software-related network infrastructure is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to maintain a session after deleting the account...

6.8CVSS7.4AI score0.00292EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the Adobe Photoshop graphic editor lies in its ability to allow unlimited overflow, allowing a hacker to execute arbitrary code.

The vulnerability of the Adobe Photoshop graphic editor is related to the possibility of integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code...

7.8CVSS5.9AI score0.00299EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerabilities of the String.toLowerCase() and String.toUpperCase() methods in the Java framework allow for security breaches in industrial applications, as they are exploited by attackers to bypass authentication processes.

The vulnerability of the String.toLowerCase and String.toUpperCase methods in the Java framework, which is used for securing industrial applications with Spring Security, is related to improper authentication. Exploiting this vulnerability can allow an attacker to bypass the authentication proces...

4.8CVSS6.5AI score0.00385EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.

The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created PAR file...

7.8CVSS8.3AI score0.00165EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of microprogrammed software in Industrial Routers of the SCALANCE M-800 family (including S615, MUM-800, and RM1224) arises from insufficient validation of input data, allowing a hacker to execute arbitrary code.

The vulnerability of microprogrammed software in industrial routers of the SCALANCE M-800 family including S615, MUM-800, and RM1224 is related to insufficient validation of input data in the iperf function configuration field. Exploiting this vulnerability allows a remote attacker to execute...

9CVSS7.8AI score0.00869EPSS
Exploits0References4Affected Software18
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the Linux operating system’s kernel USB component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel USB component is related to errors in resource management in the plvendorreq function. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS5.7AI score0.00251EPSS
Exploits0References20Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the fbdev component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the fbdev component in the Linux operating system’s kernel is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential information...

5.5CVSS6.8AI score0.00245EPSS
Exploits0References10Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation in simulation models for systems and processes involves writing beyond buffer boundaries, allowing attackers to execute arbitrary code.

The vulnerability of the software environment for simulation modeling of systems and processes in Siemens Tecnomatix Plant Simulation lies in the issue of buffer overflow attacks. Exploiting this vulnerability can allow attackers to execute arbitrary code using specially created WRL files...

7.8CVSS7.9AI score0.00272EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of Siemens SINEMA Remote Connect arises from the use of incorrect authentication tokens due to unlimited distribution of resources, which can lead to service failures.

The vulnerability of Siemens SINEMA Remote Connect relates to the use of incorrect authentication tokens due to unlimited distribution of resources. Exploiting this vulnerability can allow a perpetrator to cause service failures...

4CVSS7.2AI score0.00206EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of the software tools for accelerated video processing at the hardware level, the Intel Video Processing Library (VPL), stems from incorrect neutralization of certain elements in the output data. This allows attackers to exploit their privileges.

The vulnerability of the software tools for accelerated video processing at the hardware level, the Intel Video Processing Library VPL, is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability can allow an attacker to enhance their privileges...

4.2CVSS5.4AI score0.00187EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/11/25 12:0 a.m.10 views

The vulnerability in the virtual learning environment Moodle, related to improper restrictions on the path name to a limited catalog, allows a intruder to gain access to confidential data.

The vulnerability in the virtual training environment Moodle is related to the local loading of files during the restoration of incorrect backup copies of modules. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential data...

7.8CVSS5.4AI score0.00638EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/11/25 12:0 a.m.10 views

The vulnerability in the virtual learning environment Moodle arises from the lack of measures taken to protect the structure of web pages. This allows attackers to carry out attacks using cross-site scripting (XSS).

The vulnerability in the virtual learning environment Moodle exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out attacks using cross-site scripting XSS...

6.4CVSS5.2AI score0.00357EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/11/22 12:0 a.m.10 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks arises from incorrect restrictions on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks is related to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7.5AI score0.17851EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/11/21 12:0 a.m.10 views

The vulnerability of the xen/evtchn components in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the xen/evtchn components in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6.8AI score0.00222EPSS
Exploits0References21Affected Software4
Total number of security vulnerabilities5000