Lucene search
K

173 matches found

CNNVD
CNNVD
added 2022/06/17 12:0 a.m.7 views

GE Voluson 信任管理问题漏洞

GE Voluson is a diagnostic ultrasound solution from General Electric GE. A security vulnerability exists in GE Voluson S8 that stems from a hard-coded issue in the application service browser...

7.8CVSS7.3AI score0.00219EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/06/15 12:0 a.m.7 views

The vulnerability of the Application Service component of the software for working with Oracle Web Applications Desktop Integrator allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.

The vulnerability of the Application Service component of the Oracle Web Applications Desktop Integrator software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized...

8.5CVSS7.6AI score0.00987EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/31 12:0 a.m.5 views

PT-2022-10040 · Stormshield · Stormshield Network Security

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 1.0.0 through 2.7.8 Stormshield Network Security SNS versions 2.8.0 through 2.16.0 Stormshield Network Security SNS versions 3.0.0 through 3.7.20 Stormshield Network Security SNS versions 3.8.0 throug...

9.8CVSS8.1AI score0.02089EPSS
Exploits0References7
CISA
CISA
added 2021/11/12 12:0 a.m.13 views

VMware Releases Security Update for Tanzu Application Service for VMs

VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply th...

6.7AI score
Exploits0References1
VMware
VMware
added 2021/11/11 12:0 a.m.32 views

VMware Tanzu Application Service for VMs updates address a denial-of-service vulnerability (CVE-2021-22101)

3a. VMware Tanzu Application service for VMs updates address a denial-of-service vulnerability CVE-2021-22101 VMware Tanzu Application Service for VMs uses Cloud Controller CAPI from Cloud Foundry which is vulnerable to an unauthenticated denial-of-serviceDoS vulnerability. VMware has evaluated...

5CVSS7.4AI score0.00972EPSS
Exploits0References13Affected Software1
NVD
NVD
added 2021/08/12 3:15 p.m.11 views

CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...

5.5CVSS0.00604EPSS
Exploits0References2
Prion
Prion
added 2021/08/12 3:15 p.m.15 views

Authentication flaw

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...

5.5CVSS5.7AI score0.00604EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/12 2:27 p.m.20 views

CVE-2021-27791

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...

6AI score0.00604EPSS
Exploits0References2
CVE
CVE
added 2021/07/30 6:32 p.m.76 views

CVE-2021-35193

CVE-2021-35193 affects Patterson Eaglesoft 18–21 via the Patterson Application Service. The vulnerability arises because the service accepts the same certificate authentication across different customer installations with the same software version, enabling remote access to SQL database credentia...

7.5CVSS7.8AI score0.0117EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/07/23 12:0 a.m.107 views

Oracle JDeveloper XXE (July 2021 CPU)

The version of Oracle JDeveloper installed on the remote host is prior to 12.2.1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory: - Vulnerability in the Essbase product of Oracle Essbase component: Infrastructure Apache Commons Compress. The...

9.8CVSS6.3AI score0.16157EPSS
Exploits0References4
CVE
CVE
added 2021/06/16 6:45 p.m.73 views

CVE-2021-32659

CVE-2021-32659 affects matrix-appservice-bridge (versions 2.6.0 and earlier). When room upgrade handling is enabled via roomUpgradeOpts, an m.room.tombstone event can unbridge the current room and bridge into a target room without verifying the predecessor in the target m.room.create, enabling a ...

6.5CVSS5.1AI score0.00936EPSS
Exploits0References3Affected Software1
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.32 views

BSA-2021-1491

Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.0 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...

4.3CVSS5.7AI score0.00604EPSS
Exploits0
CNVD
CNVD
added 2021/04/25 12:0 a.m.2 views

XML Entity Injection Vulnerability in Oracle WebLogic Server

Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/03/29 12:0 a.m.3 views

Zhengzhou Rui Zhi Software Technology Co., Ltd. website building system has SQL injection vulnerabilities

Zhengzhou Rui Zhi Software Technology Co., Ltd. is a comprehensive network application service provider. Zhengzhou Ruizhi Software Technology Co., Ltd. station building system SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...

7.8AI score
Exploits0
CNVD
CNVD
added 2020/12/18 12:0 a.m.4 views

Unauthorized Access Vulnerability in EDAS, an Enterprise Distributed Application Service of AliCloud Computing Co.

Enterprise Distributed Application Service EDAS Enterprise Distributed Application Service is a one-stop PaaS platform for application full lifecycle management and monitoring, supporting deployment in Kubernetes/ECS, non-intrusive support for Java/Go/Python/PHP/ . NetCore and other multi-languag...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2020/11/17 4:35 p.m.67 views

U.S. Dept Of Defense: Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and

Summary: I have discovered a blind stored cross site scripting vulnerability due to an insecure Contact form available here https://███████.mil/ This form does not properly sanitize user input allowing for the insertion and submission of dangerous characters such as angle brackets. I was able to...

Exploits0
NVD
NVD
added 2020/07/31 8:15 p.m.14 views

CVE-2020-5414

VMware Tanzu Application Service for VMs 2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7 contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are...

6CVSS5.5AI score0.00707EPSS
Exploits0References1
Prion
Prion
added 2020/07/31 8:15 p.m.16 views

Design/Logic Flaw

VMware Tanzu Application Service for VMs 2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7 contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are...

6CVSS5.6AI score0.00707EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2020/07/31 7:40 p.m.28 views

CVE-2020-5414 App Autoscaler logs credentials

VMware Tanzu Application Service for VMs 2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7 contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are...

5.7CVSS5.6AI score0.00707EPSS
Exploits0References1
CVE
CVE
added 2020/07/31 7:40 p.m.49 views

CVE-2020-5414

The CVE-2020-5414 entry concerns VMware Tanzu Application Service for VMs (2.7.x prior to 2.7.19, 2.8.x prior to 2.8.13, 2.9.x prior to 2.9.7) where the App Autoscaler logs UAA admin and App Autoscaler Broker passwords. Logs are redacted in VMware Tanzu Operations Manager, but unredacted logs wer...

6CVSS5.5AI score0.00707EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder