173 matches found
GE Voluson 信任管理问题漏洞
GE Voluson is a diagnostic ultrasound solution from General Electric GE. A security vulnerability exists in GE Voluson S8 that stems from a hard-coded issue in the application service browser...
The vulnerability of the Application Service component of the software for working with Oracle Web Applications Desktop Integrator allows a perpetrator to gain access to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Application Service component of the Oracle Web Applications Desktop Integrator software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized...
PT-2022-10040 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 1.0.0 through 2.7.8 Stormshield Network Security SNS versions 2.8.0 through 2.16.0 Stormshield Network Security SNS versions 3.0.0 through 3.7.20 Stormshield Network Security SNS versions 3.8.0 throug...
VMware Releases Security Update for Tanzu Application Service for VMs
VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply th...
VMware Tanzu Application Service for VMs updates address a denial-of-service vulnerability (CVE-2021-22101)
3a. VMware Tanzu Application service for VMs updates address a denial-of-service vulnerability CVE-2021-22101 VMware Tanzu Application Service for VMs uses Cloud Controller CAPI from Cloud Foundry which is vulnerable to an unauthenticated denial-of-serviceDoS vulnerability. VMware has evaluated...
CVE-2021-27791
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...
Authentication flaw
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...
CVE-2021-27791
The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An...
CVE-2021-35193
CVE-2021-35193 affects Patterson Eaglesoft 18–21 via the Patterson Application Service. The vulnerability arises because the service accepts the same certificate authentication across different customer installations with the same software version, enabling remote access to SQL database credentia...
Oracle JDeveloper XXE (July 2021 CPU)
The version of Oracle JDeveloper installed on the remote host is prior to 12.2.1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory: - Vulnerability in the Essbase product of Oracle Essbase component: Infrastructure Apache Commons Compress. The...
CVE-2021-32659
CVE-2021-32659 affects matrix-appservice-bridge (versions 2.6.0 and earlier). When room upgrade handling is enabled via roomUpgradeOpts, an m.room.tombstone event can unbridge the current room and bridge into a target room without verifying the predecessor in the target m.room.create, enabling a ...
BSA-2021-1491
Security Advisory ID : BSA-2021-1491 Component : Web Application Service Revision : 1.0 The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication heade...
XML Entity Injection Vulnerability in Oracle WebLogic Server
Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Zhengzhou Rui Zhi Software Technology Co., Ltd. website building system has SQL injection vulnerabilities
Zhengzhou Rui Zhi Software Technology Co., Ltd. is a comprehensive network application service provider. Zhengzhou Ruizhi Software Technology Co., Ltd. station building system SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information...
Unauthorized Access Vulnerability in EDAS, an Enterprise Distributed Application Service of AliCloud Computing Co.
Enterprise Distributed Application Service EDAS Enterprise Distributed Application Service is a one-stop PaaS platform for application full lifecycle management and monitoring, supporting deployment in Kubernetes/ECS, non-intrusive support for Java/Go/Python/PHP/ . NetCore and other multi-languag...
U.S. Dept Of Defense: Blind stored XSS due to insecure contact form at https://█████.mil leads to leakage of session token and
Summary: I have discovered a blind stored cross site scripting vulnerability due to an insecure Contact form available here https://███████.mil/ This form does not properly sanitize user input allowing for the insertion and submission of dangerous characters such as angle brackets. I was able to...
CVE-2020-5414
VMware Tanzu Application Service for VMs 2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7 contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are...
Design/Logic Flaw
VMware Tanzu Application Service for VMs 2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7 contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are...
CVE-2020-5414 App Autoscaler logs credentials
VMware Tanzu Application Service for VMs 2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7 contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are...
CVE-2020-5414
The CVE-2020-5414 entry concerns VMware Tanzu Application Service for VMs (2.7.x prior to 2.7.19, 2.8.x prior to 2.8.13, 2.9.x prior to 2.9.7) where the App Autoscaler logs UAA admin and App Autoscaler Broker passwords. Logs are redacted in VMware Tanzu Operations Manager, but unredacted logs wer...