Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2022/09/02 12:0 a.m.10 views

The vulnerability of Google Chrome’s SplitScreen display mode allows a hacker to disclose protected information.

The vulnerability of Google Chrome’s SplitScreen display mode is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to disclose protected information...

7.8CVSS7.6AI score0.00543EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/09/02 12:0 a.m.10 views

The vulnerability of the REST API interface of the Apache Geode data management platform allows a hacker to execute arbitrary code.

The vulnerability of the REST API interface of the Apache Geode data management platform involves the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.01335EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.10 views

The vulnerability of microprogrammed software in industrial software-hardware equipment from General Electric’s Renewable Energy iNET, iNET II, TD220X, and TD220MAX models is related to uncontrolled resource consumption. This vulnerability allows a perpetrator to cause malfunctions in the equipment.

The vulnerability of microprogrammed software in industrial software-hardware equipment from General Electric’s Renewable Energy iNET, iNET II, TD220X, and TD220MAX models is related to uncontrolled resource consumption. Exploiting this vulnerability can allow attackers to cause malfunctions in t...

8CVSS7.7AI score0.00631EPSS
Exploits0References4Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/08/30 12:0 a.m.10 views

The vulnerability of the SBIOS component in NVIDIA’s DGX A100 server allows a hacker to execute arbitrary code, cause system failures, or compromise the confidentiality of protected information.

The vulnerability of the SBIOS component in NVIDIA’s Ofbd server NVIDIA DGX A100 is related to the use of an uninitialized pointer on the stack. Exploiting this vulnerability could allow a attacker to execute arbitrary code, cause service failures, or compromise the confidentiality of protected...

8.2CVSS7.8AI score0.00243EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/30 12:0 a.m.10 views

The vulnerability of the Zabbix Frontend universal monitoring system arises from the lack of protective measures for the web page structure, allowing attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Zabbix Frontend universal monitoring system exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information through a specially...

4.4CVSS5.8AI score0.01203EPSS
Exploits0References13Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/08/29 12:0 a.m.10 views

The vulnerability of the /librarian/studentdetails.php component of the Library Management System allows a malicious individual to execute arbitrary SQL queries.

The vulnerability of the /librarian/studentdetails.php component of the Library Management System lies in the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

7.5CVSS8AI score0.00866EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.10 views

The vulnerability of the Adobe Framemaker desktop publishing system lies in its memory management after memory is freed, allowing an attacker to execute arbitrary code.

The vulnerability of the desktop publishing system Adobe Framemaker relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious file...

7.8CVSS7.6AI score0.0043EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.10 views

The vulnerability of the Azure RTOS GUIX Studio development environment, related to access segmentation faults, allows attackers to disclose protected information.

The vulnerability of the Azure RTOS GUIX Studio development environment is related to access control errors. Exploiting this vulnerability could allow an attacker to disclose sensitive information through a specially created application...

5.5CVSS6.5AI score0.00889EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.10 views

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat, and Adobe Acrobat Reader lies in their memory management after memory is freed, allowing an attacker to execute arbitrary code.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat, and Adobe Acrobat Reader are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow attackers to execute arbitrary...

7.8CVSS7.7AI score0.03847EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.10 views

The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for website structures, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

5.5CVSS5.3AI score0.68332EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/08/22 12:0 a.m.10 views

The vulnerability in the web interface of Cisco IOS XE allows a hacker to inject commands into the base operating system with root privileges.

The vulnerability of Cisco IOS XE web interfaces exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to inject commands into the base operating system with root privileges, as a result of sending...

6.5CVSS6.5AI score0.01542EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/19 12:0 a.m.10 views

The vulnerability of the `createThumbnailFromPath` function in the Electron application creation software platform allows a hacker to disclose protected information.

The vulnerability of the createThumbnailFromPath function in the Electron application development platform is related to the disclosure of information in a erroneous data area. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected information...

8.6CVSS7.5AI score0.01017EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.10 views

The vulnerability of the Windows Bluetooth Service driver of the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Windows Bluetooth Service driver exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS7.7AI score0.00845EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.10 views

The vulnerability of the monitoring tool for the virtual infrastructure vRealize Operations lies in insufficient validation of incoming requests, allowing a perpetrator to disclose sensitive information.

The vulnerability of the monitoring tool for the vRealize Operations virtual infrastructure is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information...

4CVSS5.3AI score0.00588EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.10 views

The vulnerability of Microsoft Windows Defender operating system allows attackers to increase their privileges.

The vulnerability of Microsoft Windows Defender operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8CVSS7.3AI score0.00749EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/08/12 12:0 a.m.10 views

The vulnerability of the Azure Batch service for Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Azure Batch service for Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7CVSS7.4AI score0.00374EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.10 views

The vulnerability of the Jenkins Repository Connector Plugin, related to deficiencies in the authentication process, allows attackers to disclose sensitive information about the file system.

The vulnerability of the Jenkins Repository Connector Plugin is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information about the file system...

4.3CVSS5.4AI score0.00581EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.10 views

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API allows a perpetrator to execute arbitrary code due to incorrect authentication.

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API is related to incorrect authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted HTTP request...

7.8CVSS7.6AI score0.00867EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/02 12:0 a.m.10 views

The vulnerability of microprogrammed software in Siemens SIMATIC S7-400 and SIMATIC S7-410 programmable logic controllers arises from the possibility of an operation outputting data beyond the buffer boundaries in memory. This vulnerability allows a malicious entity to cause malfunctions during maintenance operations.

The vulnerability of microprogrammed software in Siemens SIMATIC S7-400 and SIMATIC S7-410 programmable logic controllers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause malfunctions by sending special...

7.8CVSS7.5AI score0.00965EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.10 views

The vulnerability of microprogramming software in industrial software-hardware equipment from General Electric’s Renewable Energy iNET, iNET II, TD220X, and TD220MAX systems lies in the fact that code loading occurs without checking its integrity. This allows attackers to gain unauthorized access to the target system.

The vulnerability of microprogrammed software in industrial software-hardware equipment from General Electric’s Renewable Energy iNET, iNET II, TD220X, and TD220MAX systems lies in the fact that code can be loaded without checking its integrity. Exploiting this vulnerability allows a malicious...

9CVSS7.8AI score0.00353EPSS
Exploits0References3Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.10 views

The vulnerability of the XPC service implementation in the Mac OS X operating system allows a perpetrator to bypass the authentication process.

The vulnerability of the XPC service implementation in the Mac OS X operating system is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass authentication procedures and gain administrator privileges...

8.4CVSS7.7AI score0.09887EPSS
Exploits16References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/01 12:0 a.m.10 views

The vulnerability of the TestEmail function in the Reolink RLC-410W camera’s microprogramming system allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the TestEmail function in the Reolink RLC-410W camera’s microprogramming system is related to memory overflow. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information through...

10CVSS7.8AI score0.01397EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/29 12:0 a.m.10 views

The vulnerability of the nfnetlink_queue module in Linux operating systems, related to incorrect handling of verdicts with a single-byte attribute nfta_payload, allows a perpetrator to trigger a service failure.

The vulnerability of the nfnetlinkqueue module in Linux operating systems is related to incorrect handling of verdicts with a single-byte attribute named nftapayload. Exploiting this vulnerability allows an attacker to cause service failures remotely...

9CVSS6.5AI score0.05542EPSS
Exploits1References51Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/07/22 12:0 a.m.10 views

The vulnerability of the Redis database management system, related to buffer overflows in the queue, allows attackers to execute arbitrary code.

The vulnerability of the Redis database management system is related to buffer overflow in the queue. Exploiting this vulnerability allows an attacker to execute arbitrary code using the X AUTOCLAIM command...

7CVSS6.7AI score0.02383EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.10 views

The vulnerability of the Red Database database management system lies in the improper neutralization of equivalent special elements, allowing attackers to provide unreliable data during a search query.

The vulnerability of the RedBase database management system is related to the improper neutralization of equivalent special elements. Exploiting this vulnerability allows an attacker to provide unreliable data during a search using Distinguished Names, by employing special symbols...

4CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/20 12:0 a.m.10 views

The vulnerability of the Apache Tomcat application server’s Realm implementation, related to information disclosure due to mismatches, allows attackers to determine all existing user names.

The vulnerability of the Apache Tomcat application server’s Realm implementation is related to the exposure of information through mismatches. Exploiting this vulnerability allows a remote attacker to discover all existing user names...

5.9CVSS6.5AI score0.07991EPSS
Exploits0References21Affected Software10
BDU FSTEC
BDU FSTEC
added 2022/07/18 12:0 a.m.10 views

The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information

The vulnerability of the Windows operating system’s kernel is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker to disclose the protected information...

4.7CVSS6.3AI score0.00649EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.10 views

The vulnerability of the SEPCOS Single Package control and protection relay software allows a intruder to modify user credentials and permissions without authentication.

The vulnerability of the SEPCOS Single Package control and protection relay software is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability allows a malicious actor to modify user credentials and permissions without authentication...

9.7CVSS7.7AI score0.01004EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability lies in the communication functions between the Omron NJ/NX automation controller, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA. This vulnerability allows a perpetrator to gain access to the controller.

The vulnerability of communication functions between Omron NJ/NX automation controllers, Omron Sysmac Studio automation software, and Omron NA programmable terminals is related to the use of rigidly encoded account data. Exploiting this vulnerability can allow a malicious actor to gain access to...

7.7CVSS7.5AI score0.0131EPSS
Exploits0References5Affected Software8
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the custom-content-type-manager plugin in the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the custom-content-type-manager plugin in the WordPress content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.8CVSS7.5AI score0.03214EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the `WebCore::TextureMapperLayer::setContentsLayer` function in WebKitGTK and WPE WebKit rendering modules allows a attacker to execute arbitrary code or cause a service denial.

The vulnerability of the WebCore::TextureMapperLayer::setContentsLayer function WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in the rendering modules of WebKitGTK and WPE WebKit is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a...

7.6CVSS7.4AI score0.02158EPSS
Exploits1References7Affected Software15
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the FortiESNAC service, a security solution from Fortinet’s FortiClient for Windows, allows attackers to escalate their privileges.

The vulnerability of the FortiESNAC service in the Fortinet FortiClient for Windows security solution is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow attackers to increase their privileges...

8.8CVSS5.5AI score0.00495EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the cross-platform hypervisor Xen in the Linux operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the cross-platform hypervisor Xen in the Linux operating system is related to the disclosure of information. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...

7.8CVSS6.4AI score0.00325EPSS
Exploits0References61Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability in the HTTP server of the microprogramming software for AutomationDirect C-More series of touchscreen HMI devices allows a hacker to disclose protected information.

The vulnerability of the HTTP server of the C-More EA9 HMI series of touchscreen software solutions is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that is protected by the system...

7.8CVSS7.1AI score0.00441EPSS
Exploits0References3Affected Software12
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability lies in the communication functions between the Omron NJ/NX automation controller, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA. This vulnerability allows a perpetrator to gain access to the controller.

The vulnerability of the communication functions between Omron NJ/NX automation controllers, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA lies in the ability to bypass the authentication process by using capture-replay techniques for intercepted parameters...

6.8CVSS7.5AI score0.01769EPSS
Exploits0References4Affected Software8
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the SEPCOS Single Package software for the Secheron SEPCOS control and protection relay allows a hacker to elevate their privileges to the level of a superuser.

The vulnerability of the SEPCOS Single Package control and protection relay software is related to weak password requirements. Exploiting this vulnerability could allow a malicious actor to elevate their privileges to superuser status through the open TCP port for SSH...

10CVSS7.7AI score0.02025EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the `ecdsa_verify_[prepare_]legacy()` command-line tool for ECDSA elliptic curve cryptography, provided by `ecdsautils`, allows a perpetrator to compromise data integrity.

The vulnerability of the ecdsaverifypreparelegacy command-line tool for ECDSA elliptic curve cryptography, provided by ecdsautils, is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of data...

10CVSS7.5AI score0.01038EPSS
Exploits0References9Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.10 views

The vulnerability of the SEPCOS Single Package software for the Secheron SEPCOS control and protection relays allows a intruder to disclose protected information.

The vulnerability of the SEPCOS Single Package control and protection relay system in Secheron SEPCOS is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...

6.8CVSS6.5AI score0.00723EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.10 views

The vulnerability of the statussupport_diagnostic_tracing.json component of the SerComm h500s router software allows a hacker to execute arbitrary commands.

The vulnerability of the statussupportdiagnostictracing.json component of the SerComm h500s router software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10CVSS7.5AI score0.23666EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.10 views

The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process, allowing attackers to execute a “man-in-the-middle” attack.

The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process for certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...

7.4CVSS6.5AI score0.01028EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/07/08 12:0 a.m.10 views

The vulnerability of the QNAP QVR surveillance system, related to the failure to take measures to neutralize special elements used in the operating system’s command, allows intruders to compromise the confidentiality, integrity, and accessibility of information.

The vulnerability of the QNAP QVR video surveillance system is related to the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...

10CVSS8AI score0.01271EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/06 12:0 a.m.10 views

The vulnerability of Adobe Reader and Adobe Acrobat PDF viewer/editor programs, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of PDF viewing and editing programs like Adobe Reader and Adobe Acrobat lies in the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using a specially create...

10CVSS8.8AI score0.78581EPSS
Exploits8References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/07/04 12:0 a.m.10 views

The vulnerability of the Microsoft Office suite, related to pointer offsets, allows a perpetrator to execute arbitrary code or gain full control over the application.

The vulnerability of the Microsoft Office package is related to a pointer offset issue during the processing of the cbHdrData element in the FEATHEADER field of BIFF format files. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain full control over the application...

9.6CVSS6.4AI score0.85731EPSS
Exploits10References15
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.10 views

The vulnerability of the kernel-level driver nvlddmkm.sys of the NVIDIA GPU Display Driver allows a attacker to cause a service failure.

The vulnerability of the kernel-level driver nvlddmkm.sys of the NVIDIA GPU Display Driver is related to the lack of resource release after the expiration of its useful life. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.6AI score0.00264EPSS
Exploits0References3Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.10 views

The vulnerability of embedded images of PACsystems programmable logic controllers allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of embedded images of PACsystems programmable logic controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...

10CVSS5.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.10 views

The vulnerability of the Process Scheduler component in the PeopleSoft Enterprise PeopleTools business application package allows a hacker to gain read access to data or modify data.

The vulnerability of the Process Scheduler component in the PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify data using special...

6.1CVSS6.8AI score0.00803EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.10 views

The vulnerability of the Apache Kafka message dispatcher, related to deficiencies in access control, allows attackers to bypass security restrictions.

The vulnerability of the Apache Kafka message dispatcher is related to deficiencies in access control when using an Access Control List. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created request...

9CVSS6.9AI score0.05479EPSS
Exploits0References15Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.10 views

The vulnerability of the Web Services Security component of the Oracle Web Services Manager allows a perpetrator to gain read access to data or modify data.

The vulnerability of the Web Services Security component of the Oracle Web Services Manager exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially crafted HTTP...

8.1CVSS6.9AI score0.01623EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.10 views

The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.

The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...

6.1CVSS6.8AI score0.00803EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/27 12:0 a.m.10 views

The vulnerability of the Navigation Pages, Portal, and Query components of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain access to read data or modify data.

The vulnerability of the Navigation Pages, Portal, and Query components in Oracle PeopleSoft Enterprise PeopleTools exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP reques...

6.1CVSS6.8AI score0.00771EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000