Lucene search
K
Bdu FstecMost viewed

90336 matches found

BDU FSTEC
BDU FSTEC
added 2018/08/14 12:0 a.m.10 views

The vulnerability of the API components of Sun ZFS Storage Appliance Kit allows a hacker to gain full control over the application.

The vulnerability of the API framework components of the Sun ZFS Storage Appliance Kit AK is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the application by using network protocols...

7.5CVSS7.8AI score0.0239EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/14 12:0 a.m.10 views

The vulnerability of the JSF server component in WebLogic Server allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the WebLogic Server application server’s JSF component is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected data or cause service failures using the HTTP protocol...

8.3CVSS7.8AI score0.01784EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/14 12:0 a.m.10 views

The vulnerability of Medtronic MiniMed medical equipment is caused by deficiencies in the authentication mechanism, allowing unauthorized users to replicate intercepted requests.

The vulnerability of Medtronic MiniMed 508, 522, 523, 523K, 551, 722, 723, 723K, and 751 insulin pumps is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows attackers to bypass the authentication process by executing a hijacked request...

6.5CVSS5.5AI score0.00712EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/08/14 12:0 a.m.10 views

The vulnerability of Medtronic MyCareLink Patient Monitor lies in the insufficient verification of data authenticity, allowing attackers to inject arbitrary information into the Medtronic CareLink network.

The vulnerability of Medtronic MyCareLink Patient Monitor relates to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker, operating remotely, to inject arbitrary information into the Medtronic CareLink network...

6.8CVSS5.6AI score0.00361EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/08/14 12:0 a.m.10 views

The vulnerability of Medtronic MyCareLink Patient Monitor’s medical equipment lies in the storage of passwords in a reversible format, which allows an intruder to disclose protected information.

The vulnerability of Medtronic MyCareLink Patient Monitor relates to the storage of passwords in a reversible format. Exploiting this vulnerability could allow an intruder to disclose protected information...

4.9CVSS5.4AI score0.00361EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/08/10 12:0 a.m.10 views

The vulnerability of the Monitoring and Diagnostics component of the JD Edwards EnterpriseOne Tools system allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Monitoring and Diagnostics component of the JD Edwards EnterpriseOne Tools system is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

7.5CVSS7.8AI score0.02766EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/10 12:0 a.m.10 views

The vulnerability of the Print Server component in the business application for managing and distributing information to customers, known as One-to-One Fulfillment, allows a malicious actor to gain unauthorized access to protected data.

The vulnerability of the Print Server component in the business application for managing and distributing information to customers, known as One-to-One Fulfillment, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to ga...

8.2CVSS7.8AI score0.02024EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/10 12:0 a.m.10 views

The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures...

8.5CVSS7.8AI score0.01769EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/10 12:0 a.m.10 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain full control over the application.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...

8.6CVSS7.6AI score0.00584EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/10 12:0 a.m.10 views

The vulnerability of the Product Diagnostic Tools component of the Order Management system allows a perpetrator to gain full control over the application.

The vulnerability of the Product Diagnostic Tools component in the Order Management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the application...

7CVSS7.8AI score0.00408EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/10 12:0 a.m.10 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain full control over the application.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...

8.6CVSS7.6AI score0.00584EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/03 12:0 a.m.10 views

The vulnerability of Oracle Marketing’s User Interface component allows a hacker to gain unauthorized access to protected data.

The vulnerability of Oracle Marketing’s User Interface component is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

8.2CVSS7.8AI score0.02024EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/03 12:0 a.m.10 views

The vulnerability of the Process Analysis & Discovery component of the Business Process Management Suite allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the Process Analysis & Discovery component in the Business Process Management Suite is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

9.1CVSS7.8AI score0.0269EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/03 12:0 a.m.10 views

The vulnerability of the Active Management Technology subsystem of Intel’s Converged Security Manageability Engine allows a perpetrator to execute arbitrary code.

The vulnerability of the Active Management Technology subsystem of the Intel Converged Security Manageability Engine arises due to buffer overflows during HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.1CVSS6.2AI score0.01384EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/08/03 12:0 a.m.10 views

The vulnerability of the User Interface component of the Trade Management business platform allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the User Interface component of the Trade Management business platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

8.2CVSS7.8AI score0.02024EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/07/27 12:0 a.m.10 views

The vulnerability of the Qualcomm WLAN operating system driver for Android from the CAF repository allows a hacker to increase their privileges.

The vulnerability of the Qualcomm WLAN operating system driver for Android, found in the CAF repository, is due to an overflow in the buffer in the “stack”. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...

9.3CVSS7.5AI score0.00455EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/07/27 12:0 a.m.10 views

The vulnerability of the Qualcomm WLAN operating system driver for Android from the CAF repository allows a hacker to execute arbitrary code.

The vulnerability of the Qualcomm WLAN operating system driver for Android, found in the CAF repository, is caused by buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.3CVSS7.9AI score0.00386EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/07/26 12:0 a.m.10 views

The vulnerability of the TCP/IP component in InduSoft Web Studio and InTouch Machine Edition HMI/SCADA systems allows attackers to execute arbitrary code or cause malfunctions during maintenance operations.

The vulnerability of the TCP/IP component in InduSoft Web Studio and InTouch Machine Edition HMI/SCADA systems arises from buffer overflows due to deficiencies in input data processing tags, events, signaling messages. Exploiting this vulnerability allows a remote attacker to execute arbitrary co...

10CVSS6.3AI score0.04252EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/06/07 12:0 a.m.10 views

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine lies in memory object handling errors, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Edge browser and the JavaScript script handler ChakraCore is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

7.6CVSS8.5AI score0.66554EPSS
Exploits3References6
BDU FSTEC
BDU FSTEC
added 2018/05/31 12:0 a.m.10 views

The vulnerability of the Windows operating system’s font library, allowing a hacker to execute arbitrary code

The vulnerability of the Windows operating system’s font library relates to the improper handling of embedded fonts. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted font file from a remote location...

9.3CVSS8.2AI score0.2349EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2018/05/11 12:0 a.m.10 views

The vulnerability of the CLI analyzer in the Cisco IOS XE operating system allows a hacker to execute arbitrary commands.

The vulnerability of the Cisco IOS XE operating system’s CLI analyzer is related to deficiencies in access control. Exploiting this vulnerability allows a person with privileges at the EXEC mode level to gain access to the device’s Linux shell and execute arbitrary commands with root privileges...

7.2CVSS5.8AI score0.00424EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/05/03 12:0 a.m.10 views

The vulnerability of the HPE Network Node Manager i (NNMi) software, a computer network management tool, stems from security flaws. This allows attackers to execute cross-site scripting (XSS) attacks, open redirect attacks, and bypass security restrictions.

The vulnerability of the HPE Network Node Manager i NNMi software solution is related to security flaws in its mechanisms. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks, open redirection attacks, and bypass system security restrictions...

10CVSS7.5AI score0.0789EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/04/27 12:0 a.m.10 views

The vulnerability of the ReadTIFFImage function in the console-based image editing tool ImageMagick, which allows a hacker to cause a service failure.

The vulnerability of the ReadTIFFImage function in the coders/tiff.c file of the console-based graphic editor ImageMagick is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through the use of a specially crafted file...

7.1CVSS7.2AI score0.01723EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2018/04/12 12:0 a.m.10 views

The vulnerability of the registration and accounting subsystem of the wireless access point for Moxa AWK-3131A industrial systems allows a intruder to execute arbitrary commands with root privileges.

The vulnerability of the registration and accounting subsystem of the wireless access point for Moxa AWK-3131A industrial systems exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious act...

10CVSS5.9AI score0.12169EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/04/04 12:0 a.m.10 views

The vulnerability of the pcxLoadRaster function in the Sam2p image conversion utility allows a attacker to cause a service failure or exert other effects.

The vulnerability of the pcxLoadRaster function in the Sam2p image conversion utility is caused by buffer overflow in the dynamic memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

9.8CVSS5.9AI score0.02498EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/03/28 12:0 a.m.10 views

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform arises from insufficient validation of input data, allowing a perpetrator to execute arbitrary code.

The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS8.2AI score0.10427EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/03/21 12:0 a.m.10 views

The vulnerability of the rds_message_alloc_sgs() function in the Linux operating system allows a hacker to perform write operations beyond the buffer boundaries in memory.

The vulnerability of the rdsmessageallocsgs function in the Linux operating system is related to insufficient checks on the data used by the direct memory access mechanism. Exploiting this vulnerability could allow an attacker to write data beyond the buffer boundaries in memory...

7.8CVSS6.8AI score0.00425EPSS
Exploits0References39Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/03/01 12:0 a.m.10 views

The vulnerability of the index.jsf component in the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the index.jsf component in the HPE Intelligent Management Center PLAT software platform is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the actionInput parameter...

9CVSS8.1AI score0.0572EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2018/03/01 12:0 a.m.10 views

The vulnerability of the operationSelect.xhtml component of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the operationSelect.xhtml component of the HPE Intelligent Management Center PLAT software platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using the beanName parameter...

9CVSS8.1AI score0.0572EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2018/02/07 12:0 a.m.10 views

The vulnerability of the Fetch API interface in Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a perpetrator to trigger a service failure.

The vulnerability of the Fetch API interface in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.6CVSS7.7AI score0.02344EPSS
Exploits0References15Affected Software10
BDU FSTEC
BDU FSTEC
added 2018/02/02 12:0 a.m.10 views

The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server allows a attacker to execute arbitrary code or cause a service failure.

The vulnerability of the experimental implementation of the HTTP/2 protocol in the Apache Traffic Server web server arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failur...

9.8CVSS6.2AI score0.05438EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.10 views

The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to the lack of measures taken to neutralize special elements, allowing intruders to execute arbitrary commands.

The vulnerability of the Zivif PR115-204-P-RS webcam microprogramming software is related to the lack of measures taken to neutralize the special elements used in the command string. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using CGI scripts. An example...

10CVSS8.2AI score0.84558EPSS
Exploits8References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.10 views

The vulnerability of Sonatype Nexus Repository Manager, related to the use of cryptographic algorithms containing defects, allows a perpetrator to gain access to authentication data.

The vulnerability of Sonatype Nexus Repository Manager is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to user authentication data and other sensitive information...

10CVSS5.5AI score0.00711EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/01/25 12:0 a.m.10 views

The vulnerability of the auth_password function in the sshd service of the OpenSSH security tool allows a hacker to induce a service failure.

The vulnerability of the authpassword function auth-passwd.c in the sshd service of the OpenSSH encryption protection tool exists due to insufficient input handling mechanisms lack of password length restrictions for authentication. Exploiting this vulnerability allows a malicious actor to cause ...

7.8CVSS6.9AI score0.58568EPSS
Exploits5References14Affected Software2
BDU FSTEC
BDU FSTEC
added 2018/01/24 12:0 a.m.10 views

The vulnerability of the Apache Hadoop distributed development and execution platform, related to insufficient validation of input data, allows a malicious actor to execute commands with root privileges remotely.

The vulnerability of the Apache Hadoop distributed development and execution platform is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute commands with root privileges...

8.5CVSS5.9AI score0.01795EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/01/18 12:0 a.m.10 views

The vulnerability of the Sandbox component of the Mac OS X operating system allows a malicious actor to trigger a service failure or execute arbitrary code in a privileged context.

The vulnerability of the Sandbox component of the Mac OS X operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a privileged context remotely, or to trigger a service failure...

9.3CVSS8.4AI score0.01162EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/01/12 12:0 a.m.10 views

The vulnerability of the try_read_command function (memcached.c) in the memcached data caching software allows a attacker to cause a service failure.

The vulnerability of the tryreadcommand function in the memcached.c library lies in the fact that the operation is executed outside of the buffer in memory. Exploiting this vulnerability allows an attacker, operating locally, to cause a service failure segmentation fault by using a specially...

7.5CVSS7.7AI score0.04166EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/01/12 12:0 a.m.10 views

The vulnerability of the GIF loader in the imlib2 library allows a hacker to trigger a service failure or gain access to confidential data.

The vulnerability of the imlib2 GIF library loader exists due to a read buffer overflow error. Exploiting this vulnerability can allow an attacker to cause service failures or gain access to confidential data using a specially created GIF image...

8.2CVSS7.8AI score0.02784EPSS
Exploits0References7Affected Software3
BDU FSTEC
BDU FSTEC
added 2017/12/26 12:0 a.m.10 views

The vulnerability in GoAhead’s embedded web server software for the COM-module of SICAM RTUs SM-2556 allows a intruder to execute arbitrary code.

The vulnerability of GoAhead’s embedded web server’s COM-module software for SICAM RTUs SM-2556 is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS5.9AI score0.05646EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.10 views

The vulnerability of MySQL and MariaDB database drivers for the Perl Database Interface (DBI) relates to buffer overflow attacks, allowing attackers to cause service interruptions.

The vulnerability of the MySQL and MariaDB database drivers for the Perl Database Interface DBI arises due to buffer overflow. Exploiting this vulnerability allows an attacker to trigger a fixed-length buffer error message, leading to a crash error FORTIFYSOURCE. This potentially results in servi...

7.5CVSS8AI score0.0406EPSS
Exploits0References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.10 views

The vulnerability of the FileReceiveServlet servlet in the network management system by Brocade Network Advisor allows a attacker to upload a malicious file into the file system, where it can be executed.

The vulnerability of the FileReceiveServlet server in the IP and SAN network management system provided by Brocade Network Advisor exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to download a malicious fi...

10CVSS7.7AI score0.07131EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/14 12:0 a.m.10 views

The vulnerability of the “networkmap” component in ASUS’s microprogramming router software allows a hacker to execute arbitrary code.

The vulnerability of the “networkmap” component in ASUS’s microprogramming router software arises from buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by constructing long strings as values for the hostname and port in the response to a...

10CVSS6.5AI score0.21342EPSS
Exploits4References5Affected Software31
BDU FSTEC
BDU FSTEC
added 2017/12/14 12:0 a.m.10 views

The vulnerability of the `usb_get_bos_descriptor` function in the Linux operating system’s kernel allows a hacker to cause a service failure or exert other effects.

The vulnerability of the usbgetbosdescriptor function in the Linux kernel’s drivers/usb/core/config.c file relates to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure or other effects through a specially created USB device...

6.8CVSS7.1AI score0.00381EPSS
Exploits0References22Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/04 12:0 a.m.10 views

The vulnerability of the Python script execution subsystem of the NX-OS network operating system allows a attacker to execute arbitrary commands on the underlying operating system.

The vulnerability of the Python script execution subsystem in the NX-OS network operating system is related to insufficient cleaning of user parameters used by certain Python functions in an isolated scripting environment. Exploiting this vulnerability allows a malicious actor to exit the isolate...

7.2CVSS7.1AI score0.00447EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/04 12:0 a.m.10 views

The vulnerability in the server component of the SAP POS software for automating accounting, sales, and production processes allows a perpetrator to read and delete files, shut down the Xpress Server, view the contents of the POS terminal, and attack user accounts.

The vulnerability in the server component of the SAP POS software for accounting, trading, and production automation lies in the absence of authentication procedures during file reading, operation completion, daemon shutdown, and terminal reading. Exploiting this vulnerability allows a malicious...

10CVSS7.8AI score0.03916EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/12/04 12:0 a.m.10 views

The vulnerability of the doFilter method in the UrlAccessController class of the HPE Intelligent Management Center PLAT software platform allows a attacker to bypass the authentication process.

The vulnerability of the doFilter method in the UrlAccessController class of the HPE Intelligent Management Center PLAT software platform for managing wired and wireless networks is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor ...

10CVSS7.8AI score0.68916EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.10 views

The vulnerability in the PHPMemcachedAdmin web interface exists due to errors in the mechanism for recovering serialized data. This allows attackers to escalate their privileges and execute arbitrary PHP code.

The vulnerability of the PHPMemcachedAdmin web interface exists due to errors in the mechanism for restoring serialized data. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the level of an administrator and execute arbitrary PHP code...

10CVSS8.1AI score0.11763EPSS
Exploits1References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/11/23 12:0 a.m.10 views

The vulnerability of the Redmine.pm web application for managing projects and tasks allows a perpetrator to gain access to protected information or exert other effects.

The vulnerability of the Redmine.pm web application for managing projects and tasks in Redmine is related to the lack of verification of the “Repository” module in project settings. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to protected...

7.5CVSS7.2AI score0.01288EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/11/10 12:0 a.m.10 views

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser allows a hacker to execute arbitrary code.

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially crafted web page...

7.6CVSS7.7AI score0.08761EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/11/10 12:0 a.m.10 views

The vulnerability of the _isBidi function in the (bidi.c) library of Libidn2, which allows a hacker to cause a service failure or exert other effects.

The vulnerability of the isBidi function in the bidi.c library from Libidn2 is due to a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures or other adverse effects...

9.8CVSS7.7AI score0.02404EPSS
Exploits0References4Affected Software2
Total number of security vulnerabilities5000