126 matches found
CVE-2023-2900
CVE-2023-2900 affects NFine Rapid Development Platform 20230511. Affected is an unknown function of the file /Login/CheckLogin, where manipulation leads to use of a weak hash. The issue can be exploited remotely; attack complexity is high and exploitability is difficult. Public disclosure has occ...
CVE-2023-2900 NFine Rapid Development Platform CheckLogin weak hash
A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is...
ROS-20230504-03
A vulnerability in the minimatch package of the Node.js software development platform is related to a call to the braceExpand function with certain arguments. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...
nodejs:14 security update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform f...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion has an XML external entity injection...
Important: Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Bug Fixes and Enhancements: nodejs:12/nodejs: rebase...
CVE-2021-32025
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform versions 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0....
Privilege escalation
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform versions 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0....
CVE-2021-32025
CVE-2021-32025 is an elevation of privilege vulnerability in the QNX Neutrino Kernel affecting multiple QNX platforms (Software Development Platform 6.4.0–7.0, Momentics 6.3.x, OS for Safety 1.0.0–1.0.2 and 2.0.0–2.0.1, OS for Medical 1.0.0–1.1.1, and OS for Medical 2.0.0). An unprivileged attack...
Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05875)
Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...
Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)
Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...
Yappli has unspecified vulnerabilities
Yappli, an application development platform from Yappli Japan, has a security vulnerability in Yappli Android Apps that could be exploited by attackers to access malicious websites containing carefully constructed URLs, where the application could be directed to connect to certain unintended...
BlackBerry QNX SDP Security Vulnerability
BlackBerry QNX SDP is a software development platform from BlackBerry, Canada. A security vulnerability exists in BlackBerry QNX SDP versions 6.4 through 7.1, which can be exploited by an attacker to execute code in the context of an affected process...
Siemens Mendix Information Disclosure Vulnerability
A security vulnerability exists in Siemens Mendix, a low-code application development platform from Siemens, Germany. The vulnerability stems from the fact that applications built with the affected version of Mendix Studio Pro do not prevent the caching of file documents when opening or downloadi...
CVE-2021-41120
sylius/paypal-plugin is a PayPal plugin for the Sylius development platform. In affected versions, the URL of the payment page shown after checkout was built from the auto-incremented payment id (/pay-with-paypal/id) and was therefore easy to predict. The problem is that the Credit card form has...
CVE-2021-22156
An integer overflow vulnerability in the calloc function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) versions 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to...
Pega Infinity patches authentication vulnerability
Security researchers came across a Pega Infinity vulnerability through participation in Apple’s bug bounty program, after focusing on vendors that supplied technology to Apple. By using Burp Suite—an integrated platform for performing security testing of web applications—the security researchers...
SQL Injection Vulnerability in Hongyang Mobile Development Platform
Ltd. is a professional provider of health informatization solutions and application software. A SQL injection vulnerability exists in Hongyang Mobile Development Platform, which can be exploited by attackers to obtain sensitive information from the database...
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...