1161 matches found

OSV
added 2023/03/28 9:15 p.m. · 0 views

CVE-2023-28398

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor w...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1

BDU FSTEC
added 2023/03/22 12:0 a.m. · 1 view

The vulnerability of the database server of the software solution for monitoring the status of B&R APROL industrial systems allows a hacker to read and modify configuration data.

The vulnerability of the database server of the B&R APROL software solution for monitoring the status of industrial systems is related to the absence of an authentication procedure. Exploiting this vulnerability allows a malicious actor to read and modify configuration data remotely...

9.7 CVSS · 0.00251 EPSS
Exploits 0 · References 2

OSV
added 2023/03/14 6:15 a.m. · 1 view

CVE-2023-27893

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

8.8 CVSS · 7.5 AI score · 0.05126 EPSS
Exploits 0 · References 2

OSV
added 2023/03/14 5:15 a.m. · 1 view

CVE-2023-26457

SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 2

OSV
added 2023/03/14 5:15 a.m. · 2 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...

8.6 CVSS · 7.3 AI score · 0.00439 EPSS
Exploits 0 · References 2

CNNVD
added 2023/03/14 12:0 a.m. · 1 view

SAP NetWeaver AS authorization issue vulnerability

SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but also is the basic platform for SAP software. SAP NetWeaver AS version 7.50 has an authorization problem vulnerability, which stems from the lack of authentication checks and can be...

9.9 CVSS · 6.9 AI score · 0.00439 EPSS
Exploits 0 · References 3

CNNVD
added 2023/03/14 12:0 a.m. · 1 view

SAP Solution Manager code injection vulnerability

SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...

8.8 CVSS · 8.3 AI score · 0.05126 EPSS
Exploits 0 · References 3

F5 Networks
added 2023/02/21 8:1 p.m. · 84 views

K54724312: Linux kernel vulnerability CVE-2022-0492

Security Advisory Description: A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation...

7.8 CVSS · 7.2 AI score · 0.28124 EPSS
Exploits 12 · Affected Software 14

CNNVD
added 2023/02/16 12:0 a.m. · 1 view

Eternal Terminal link following vulnerability

Eternal Terminal is a remote shell by individual developer Jason Gauci. A security vulnerability exists in Eternal Terminal version 6.2.1, which stems from the use of fixed paths, and can be exploited by an attacker to read sensitive information or modify information...

6.3 CVSS · 6.6 AI score · 0.00063 EPSS
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 4:43 a.m. · 1 view

SUSE CVE-2017-10233

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

7.3 CVSS · 7.7 AI score · 0.00073 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:33 a.m. · 1 view

SUSE CVE-2018-3171

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Partition. Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

5 CVSS · 6.8 AI score · 0.0041 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 4:18 a.m. · 2 views

SUSE CVE-2019-2975

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.8 CVSS · 6.6 AI score · 0.00488 EPSS
Exploits 0 · References 13

SUSE CVE
added 2023/02/15 4:18 a.m. · 2 views

SUSE CVE-2019-2996

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Deployment. The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

4.2 CVSS · 6.6 AI score · 0.01908 EPSS
Exploits 0 · References 6

SUSE CVE
added 2023/02/15 4:3 a.m. · 1 view

SUSE CVE-2020-2875

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL...

4.7 CVSS · 5.5 AI score · 0.0069 EPSS
Exploits 0 · References 11

SUSE CVE
added 2023/02/15 3:57 a.m. · 2 views

SUSE CVE-2020-14593

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

7.4 CVSS · 7.1 AI score · 0.00409 EPSS
Exploits 0 · References 19

OSV
added 2023/02/14 4:15 a.m. · 2 views

CVE-2023-23859

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information...

6.1 CVSS · 6.3 AI score · 0.0099 EPSS
Exploits 0 · References 2

OSV
added 2023/02/14 4:15 a.m. · 3 views

CVE-2023-0025

SAP Solution Manager BSP Application - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources...

5.4 CVSS · 5.8 AI score · 0.00515 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/02/14 12:0 a.m. · 2 views

PT-2023-15956 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager BSP Application version 720 Description: The issue allows an authenticated attacker to craft a malicious link. When clicked by an unsuspecting user, this link can be used to read or modify some sensitive information or...

6.5 CVSS · 5.2 AI score · 0.00515 EPSS
Exploits 0 · References 5

OSV
added 2023/02/11 1:23 a.m. · 3 views

CVE-2022-34449

PowerPath Management Appliance with versions 3.3 & 3.2 contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue, which leads to viewing and modifying sensitive information stored in the application...

6 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2023/01/31 8:15 a.m. · 1 view

CVE-2023-22900

Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...

9.8 CVSS · 7.5 AI score
Exploits 0 · References 1