Lucene search
K

97 matches found

CNNVD
CNNVD
added 2023/04/11 12:0 a.m.16 views

Microsoft OLE DB Provider for SQL Server 安全漏洞

Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. The following products and versions are affected: Windows Server...

8.8CVSS8.4AI score0.01463EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/01/20 12:0 a.m.139 views

Oracle Database Server for Windows (Jan 2023 CPU)

The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and...

9.8CVSS7.2AI score0.99931EPSS
Exploits48References19
OSV
OSV
added 2023/01/18 12:15 a.m.3 views

CVE-2023-21893

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...

7.5CVSS7.2AI score0.00594EPSS
Exploits0References1
Prion
Prion
added 2023/01/18 12:15 a.m.26 views

Code injection

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...

5.1CVSS7.4AI score0.00594EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.4 views

Oracle Database Server 安全漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing, and other functions. A security vulnerability exists in Oracle Database Server versions 19c and 21c. An...

7.5CVSS7.8AI score0.00594EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.5 views

PT-2023-1244 · Oracle · Oracle Data Provider For .Net +1

Name of the Vulnerable Software and Affected Versions: Oracle Data Provider for .NET versions 19c through 21c Description: The issue is related to insufficient input validation in the Oracle Data Provider for .NET component of Oracle Database Server, allowing an unauthenticated attacker with...

7.6CVSS8.7AI score0.00594EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.5 views

Liferay Portal和Liferay DXP 信任管理问题漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

4.8CVSS5.2AI score0.00338EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/25 10:40 p.m.41 views

Possible information disclosure inside TreeGrid component with default data provider

Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...

7.5CVSS6.9AI score0.00915EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/05/25 10:40 p.m.1 views

GHSA-QFR3-323W-QV27 Possible information disclosure inside TreeGrid component with default data provider

Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...

5.7CVSS7.1AI score0.00915EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 5:20 p.m.6 views

GHSA-8J5R-9687-88W5 Liferay Portal and Liferay DXP Fails to Sanitize API Data

Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers...

6.5CVSS6.3AI score0.01593EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/05/24 2:20 p.m.31 views

CVE-2022-29567 Possible information disclosure inside TreeGrid component with default data provider

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...

5.7CVSS7.5AI score0.00915EPSS
Exploits0References2
OSV
OSV
added 2022/01/13 10:15 p.m.4 views

CVE-2021-34994

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...

8.8CVSS6.1AI score0.05789EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/06/30 12:0 a.m.6 views

PT-2021-5321 · Commvault · Commvault Commcell

Name of the Vulnerable Software and Affected Versions: Commvault CommCell version 11.22.22 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

9CVSS9AI score0.05789EPSS
Exploits0References5
Prion
Prion
added 2016/12/20 6:59 a.m.13 views

Information disclosure

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...

5CVSS7.2AI score0.20008EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2016/12/20 6:59 a.m.37 views

CVE-2016-7270

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...

7.5CVSS7.4AI score0.20008EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/12/20 5:54 a.m.35 views

CVE-2016-7270

The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...

7.4AI score0.20008EPSS
Exploits0References3
CVE
CVE
added 2016/12/20 5:54 a.m.104 views

CVE-2016-7270

CVE-2016-7270 affects the Data Provider for SQL Server in Microsoft .NET Framework 4.6.2. The vulnerability arises from mishandling a developer-supplied key, allowing remote attackers to bypass Always Encrypted and obtain sensitive cleartext data. Impact is information disclosure due to key guess...

7.5CVSS7.3AI score0.20008EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/12/14 12:0 a.m.26 views

Microsoft .NET Framework Information Disclosure Vulnerability (CNVD-2016-12419)

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

7.5CVSS6.6AI score0.20008EPSS
Exploits0References1
CNVD
CNVD
added 2016/12/07 12:0 a.m.3 views

Unspecified Vulnerability in IBM IMS Enterprise Suite Data Provider for Microsoft .NET

IBM IMS Enterprise Suite Data Provider for Microsoft .NET is a solution from IBM USA that provides Microsoft .NET based applications to access and manipulate IMS data. The solution supports access to IMS data from .NET applications using standard SQL queries and handling of IMS connected links an...

8.1CVSS7AI score0.00916EPSS
Exploits0References1
NVD
NVD
added 2016/11/30 8:59 p.m.16 views

CVE-2016-2887

IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...

8.1CVSS7.4AI score0.00916EPSS
Exploits0References2
Rows per page
Query Builder