97 matches found
Microsoft OLE DB Provider for SQL Server 安全漏洞
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. The following products and versions are affected: Windows Server...
Oracle Database Server for Windows (Jan 2023 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and...
CVE-2023-21893
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...
Code injection
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...
Oracle Database Server 安全漏洞
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing, and other functions. A security vulnerability exists in Oracle Database Server versions 19c and 21c. An...
PT-2023-1244 · Oracle · Oracle Data Provider For .Net +1
Name of the Vulnerable Software and Affected Versions: Oracle Data Provider for .NET versions 19c through 21c Description: The issue is related to insufficient input validation in the Oracle Data Provider for .NET component of Oracle Database Server, allowing an unauthenticated attacker with...
Liferay Portal和Liferay DXP 信任管理问题漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
Possible information disclosure inside TreeGrid component with default data provider
Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...
GHSA-QFR3-323W-QV27 Possible information disclosure inside TreeGrid component with default data provider
Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...
GHSA-8J5R-9687-88W5 Liferay Portal and Liferay DXP Fails to Sanitize API Data
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers...
CVE-2022-29567 Possible information disclosure inside TreeGrid component with default data provider
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...
CVE-2021-34994
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...
PT-2021-5321 · Commvault · Commvault Commcell
Name of the Vulnerable Software and Affected Versions: Commvault CommCell version 11.22.22 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...
Information disclosure
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...
CVE-2016-7270
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...
CVE-2016-7270
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure...
CVE-2016-7270
CVE-2016-7270 affects the Data Provider for SQL Server in Microsoft .NET Framework 4.6.2. The vulnerability arises from mishandling a developer-supplied key, allowing remote attackers to bypass Always Encrypted and obtain sensitive cleartext data. Impact is information disclosure due to key guess...
Microsoft .NET Framework Information Disclosure Vulnerability (CNVD-2016-12419)
Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...
Unspecified Vulnerability in IBM IMS Enterprise Suite Data Provider for Microsoft .NET
IBM IMS Enterprise Suite Data Provider for Microsoft .NET is a solution from IBM USA that provides Microsoft .NET based applications to access and manipulate IMS data. The solution supports access to IMS data from .NET applications using standard SQL queries and handling of IMS connected links an...
CVE-2016-2887
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...