19 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-27978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, origin: null was treated as a...
EUVD-2024-27978
Malicious code in bioql PyPI...
CVE-2024-27978
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks...
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2020-27978
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...
CVE-2024-27978
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks...
CVE-2024-27978
Ivanti Avalanche CVE-2024-27978 is a Null Pointer Dereference in the WLAvalancheService component that allows an authenticated remote attacker to cause a denial-of-service condition. This affects Ivanti Avalanche versions prior to 6.4.3; the issue can be triggered by accessing the WLAvalancheServ...
CVE-2022-27978
creationtimestamp| type| source ---|---|--- 2023-04-26 20:25:57+00:00| seen| https://t.me/cibsecurity/62913...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2022-27978
Tooljet (v1.6) is affected by an issue described as improper handling of missing values in the API, which enables an attacker to arbitrarily reset user passwords via a crafted HTTP request. The vulnerability is evidenced in CVE-2022-27978 and mapped to a CVSS v3.1 base score of 7.5 (HIGH) with NE...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...
CVE-2023-27978
A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data...
CVE-2023-27978
The CVE-2023-27978 entry describes a CWE-502 Deserialization of Untrusted Data vulnerability in Schneider Electric IGSS Dashboard module. Affected are IGSS Data Server (IGSSdataServer.exe) 16.0.0.23040 and prior, IGSS Dashboard (DashBoard.exe) 16.0.0.23040 and prior, and Custom Reports (RMS16.dll...
CVE-2020-27978
creationtimestamp| type| source ---|---|--- 2020-10-28 17:33:33+00:00| seen| https://t.me/cibsecurity/15685...
CVE-2020-27978
Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...
CVE-2020-27978
CVE-2020-27978 (Shibboleth Identify Provider 3.x prior to 3.4.6) is a denial-of-service vulnerability where a remote unauthenticated attacker can trigger a login flow that exhausts Java heap by creating objects in the Java Servlet container session. Affected product is Shibboleth Identify Provide...