196 matches found

AlpineLinux
added 2024/09/17 7:15 p.m. · 12 views

CVE-2024-8900

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox 129...

AI score: 6.6 · EPSS: 0.00435
Exploits: 0

RedHat Linux
added 2024/07/18 9:52 a.m. · 3 views

OpenJDK: Out-of-bounds access in 2D image handling (8324559)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1;...

CVSS: 4.8 · AI score: 7.4 · EPSS: 0.00864
Exploits: 0 · References: 4

CNNVD
added 2024/06/23 12:00 a.m. · 4 views

MENDELSON AS4 Security Vulnerability

MENDELSON AS4 is an out-of-the-box B2B document exchange solution from MENDELSON. A security vulnerability exists in versions prior to MENDELSON AS4 2024 B376 that stems from the fact that when a trading partner provides prepared XML data, the file can be written to a computer that is running a...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.00358
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/30 12:00 a.m. · 3 views

PT-2024-40743 · Hdf5 · Hdf5

Name of the Vulnerable Software and Affected Versions: HDF5 affected versions not specified Description: The issue is related to a heap buffer overflow, which occurs when writing data. The crash state indicates the involvement of specific functions, including H5F addr encode, H5O fsinfo encode, a...

AI score: 7.1
Exploits: 0 · References: 2

OSV
added 2024/04/16 10:15 p.m. · 6 views

CVE-2024-21018

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS: 6.1 · AI score: 7.1 · EPSS: 0.00328
Exploits: 0 · References: 1

BDU FSTEC
added 2024/02/15 12:00 a.m. · 3 views

The vulnerability of the add-on for creating supplements to integrate external data sources with the Splunk Add-on Builder platform arises from improper processing of output data for registration logs. This allows a perpetrator to insert arbitrary information into the log files.

The vulnerability in the add-on for creating supplements to integrate external data sources with the Splunk Add-on Builder platform is related to incorrect processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor to write arbitrary information into t...

CVSS: 8.2 · AI score: 5.7 · EPSS: 0.00388
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/11/22 10:15 a.m. · 3 views

CVE-2023-6189

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS: 5.3 · AI score: 5.8 · EPSS: 0.00511
Exploits: 0 · References: 3

NVD
added 2023/11/22 10:15 a.m. · 12 views

CVE-2023-6189

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS: 5.3 · EPSS: 0.00511
Exploits: 0 · References: 3

Prion
added 2023/11/22 10:15 a.m. · 16 views

Design/Logic Flaw

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS: 5 · AI score: 7.2 · EPSS: 0.00511
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/11/22 9:56 a.m. · 22 views

CVE-2023-6189 Improper Permission Handling in M-Files Server

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

CVSS: 4.3 · AI score: 5.6 · EPSS: 0.00511
Exploits: 0 · References: 2

CVE
added 2023/11/22 9:56 a.m. · 77 views

CVE-2023-6189

The CVE-2023-6189 entry concerns the M-Files server prior to version 23.11.13156.0, where a lack of proper access permissions checks allows an attacker to perform data write and export operations via the M-Files API. Affected component: M-Files server; root cause: missing access control on API me...

CVSS: 5.3 · AI score: 4.9 · EPSS: 0.00511
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/11/22 12:00 a.m. · 4 views

PT-2023-32558 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0 Description: The issue is related to missing access permissions checks in the M-Files server, allowing attackers to perform data write and export jobs using the M-Files API methods...

CVSS: 5.3 · AI score: 7.2 · EPSS: 0.00511
Exploits: 0 · References: 4

OSV
added 2023/09/12 7:15 p.m. · 4 views

CVE-2023-21521

An SQL Injection vulnerability in the Management Console Operator Audit Trail of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data Insert/Update/Delete, execute administration operations on the database, recover the...

CVSS: 7.2 · AI score: 5.9 · EPSS: 0.0049
Exploits: 0 · References: 1

OSV
added 2023/08/02 5:15 a.m. · 3 views

ALPINE-CVE-2023-4016

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap...

CVSS: 3.3 · AI score: 6.9 · EPSS: 0.00239
Exploits: 0 · References: 1

Prion
added 2023/08/02 5:15 a.m. · 19 views

Heap overflow

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap...

CVSS: 1.7 · AI score: 5.5 · EPSS: 0.00239
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2023/08/02 4:20 a.m. · 17 views

CVE-2023-4016

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap...

CVSS: 2.5 · AI score: 4.8 · EPSS: 0.00239
Exploits: 0 · References: 2

AlpineLinux
added 2023/08/02 4:20 a.m. · 32 views

CVE-2023-4016

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap...

CVSS: 3.3 · AI score: 4.7 · EPSS: 0.00239
Exploits: 0

Prion
added 2023/04/05 6:15 p.m. · 13 views

Design/Logic Flaw

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...

CVSS: 4 · AI score: 7 · EPSS: 0.00611
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2022/11/17 5:15 p.m. · 28 views

CVE-2022-42891

A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application...

CVSS: 7.5 · EPSS: 0.00548
Exploits: 0 · References: 1

NVD
added 2022/11/17 5:15 p.m. · 17 views

CVE-2022-42734

A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website’s application...

CVSS: 7.5 · EPSS: 0.00548
Exploits: 0 · References: 1