36 matches found
CVE-2023-31056
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x...
EUVD-2021-17071
Malware in sbrugna...
EUVD-2021-16454
Malware in sbrugna...
EUVD-2021-29732
Malicious code in bioql PyPI...
EUVD-2023-35390
Malicious code in bioql PyPI...
CVE-2021-29995
A Cross-Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user, including script execution. The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1...
CVE-2021-42776
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import...
CVE-2021-30133
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10...
CVE-2023-31056
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x...
CVE-2023-31056
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x...
Code injection
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x...
CloverDX Log Information Disclosure Vulnerability
CloverDX is an enterprise data management platform designed to solve demanding real-world data challenges. Design, automate, manipulate and publish data. A security vulnerability exists in CloverDX versions prior to 5.17.3, which stems from the fact that it can write passwords to audit logs...
CVE-2023-31056
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x...
CVE-2023-31056
CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x...
CVE-2023-31056
CVE-2023-31056 affects CloverDX prior to 5.17.3. The issue causes passwords to be written to the audit log when the audit log is enabled and single sign-on is not used, exposing credentials (information disclosure). Fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x. Exploitation details are no...
CVE-2021-42776
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import...
CVE-2021-42776
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import...
Design/Logic Flaw
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import...
CVE-2021-42776
CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import...
CVE-2021-42776
CVE-2021-42776 affects CloverDX Server before 5.11.2 and CloverDX 5.12.x before 5.12.1, where XML External Entity (XXE) processing is vulnerable during configuration import. Impact per sources is limited to the XXE exposure; CVSS indicates at least a High impact on confidentiality with no integri...