103 matches found

BDU FSTEC
added 2024/01/19 12:0 a.m. · 3 views

The vulnerability of the Firewall component of the Oracle Audit Vault and Database Firewall (AVDF) management tool allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the Firewall component of the Oracle Audit Vault and Database Firewall AVDF management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...

7.8 CVSS · 7.2 AI score · 0.0043 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/10/11 12:0 a.m. · 3 views

The vulnerability of embedded Qualcomm data modems allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of embedded Qualcomm data modems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, add, or delete data remotely...

9.4 CVSS · 7.4 AI score · 0.0043 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/07/11 12:0 a.m. · 3 views

PT-2023-4046 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA versions S4CORE 104 through 107
Description: The issue is related to insufficient access control in the Manage Journal Entry Template component of SAP S/4HANA. This can allow a remote attacker to read, modify, or delete files. Whe...

7.3 CVSS · 7.3 AI score · 0.0032 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/05/24 12:0 a.m. · 5 views

PT-2023-4250 · Sap · Sap Business One

Name of the Vulnerable Software and Affected Versions: SAP Business One B1i module version 10.0
Description: The issue is related to the lack of protection of the SQL query structure in the B1i Layer component of SAP Business One. This allows a remote attacker to send specially crafted queries to...

7.5 CVSS · 7.5 AI score · 0.00477 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/04/27 12:0 a.m. · 4 views

PT-2023-2595 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.6.0
Description: The issue is related to errors in handling symbolic links within the settings.DataFolder variable in the Docker Desktop for Windows platform. This can allow a remote attacker to gain read,...

7.1 CVSS · 7.1 AI score · 0.00332 EPSS
Exploits 0 · References 11

CNNVD
added 2023/04/23 12:0 a.m. · 18 views

Joomla SQL injection vulnerability

Joomla is an open source, cross-platform content management system CMS developed using PHP and MySQL by the U.S. Open Source Matters team. Joomla 3 suffers from a security vulnerability that stems from improper use of input filters leading to SQL injection. An attacker exploiting the vulnerabilit...

9.8 CVSS · 7.3 AI score · 0.00798 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/04/02 12:0 a.m. · 5 views

The vulnerability of the Apache Fineract digital financial services platform, related to the lack of protection for the SQL query structure, allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Apache Fineract digital financial services platform relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain read, modify, or delete access to data...

8.9 CVSS · 5.6 AI score · 0.01297 EPSS
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/01/25 12:0 a.m. · 6 views

The vulnerability of the GE Proficy Historian industrial data management platform, related to deficiencies in access control, allows an intruder to gain read, modify, or delete access to files.

The vulnerability of the GE Proficy Historian industrial data management platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to files...

7.8 CVSS · 7.4 AI score · 0.00522 EPSS
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2023/01/15 12:0 a.m. · 4 views

PT-2023-7515 · Tp Link · Tp-Link Archer Vr1600V

Name of the Vulnerable Software and Affected Versions: TP-Link Archer VR1600V versions = 0.1.0, 0.9.1 v5006.0 Build 220518 Rel.32480n
Description: A command injection issue exists in the administrative web portal of TP-Link Archer VR1600V devices. This allows remote attackers, authenticated as...

6.8 CVSS · 8.4 AI score · 0.01756 EPSS
Exploits 2 · References 5

BDU FSTEC
added 2022/12/23 12:0 a.m. · 6 views

The vulnerability of the Android operating system’s exchange buffer in Samsung mobile devices allows a hacker to gain access to read, modify, or delete files.

The vulnerability of the exchange buffer in Android mobile devices from Samsung is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete files...

4.9 CVSS · 7.3 AI score · 0.02831 EPSS
Exploits 0 · References 9 · Affected Software 1

BDU FSTEC
added 2022/07/18 12:0 a.m. · 6 views

The management interface of the Fortinet FortiDeceptor is vulnerable, allowing attackers to gain read, modify, or delete access to data. This vulnerability enables attackers to manipulate security measures in response to external and internal security threats.

The vulnerability of the management interface for detecting and responding to external and internal security threats in Fortinet’s FortiDeceptor involves errors in processing the relative path to the catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain read...

7.5 CVSS · 7.7 AI score · 0.00838 EPSS
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2022/04/11 12:0 a.m. · 3 views

The vulnerability of the Samples component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Samples component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data using the HTTP...

6.5 CVSS · 6.8 AI score · 0.01049 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2022/04/07 7:15 p.m. · 2 views

CVE-2022-23972

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete database...

8.8 CVSS · 6 AI score · 0.0052 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2022/03/10 5:46 p.m. · 5 views

CVE-2022-24396

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities an...

7.8 CVSS · 7 AI score · 0.00508 EPSS
Exploits 2 · References 5 · Affected Software 1

CNVD
added 2021/12/15 12:0 a.m. · 6 views

SiPass integrated access control vulnerability (CNVD-2021-100378)

SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, the affected application does not adequately restrict access to the internal active synopsis database. A remote attacker could exploit the vulnerability to read, modify, or delete, among other...

9.1 CVSS · 6.8 AI score · 0.0136 EPSS
Exploits 0 · References 1

OSV
added 2021/12/14 12:15 p.m. · 2 views

CVE-2021-44523

A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...

9.1 CVSS · 5.8 AI score · 0.0136 EPSS
Exploits 0 · References 2

CNNVD
added 2021/12/14 12:0 a.m. · 2 views

Siemens SiPass Integrated and Siveillance Identity security vulnerability

SiPass integrated is an access control system. With the SiPass integrated access control vulnerability, the affected application does not adequately restrict access to the internal active synopsis database. A remote attacker could exploit the vulnerability to read, modify, or delete, among other...

9.1 CVSS · 5.6 AI score · 0.0136 EPSS
Exploits 0 · References 5

Positive Technologies
added 2021/03/26 12:0 a.m. · 3 views

PT-2021-7535 · Samsung +1 · Samsung Mobile Devices +1

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices affected versions not specified
Description: The issue is related to the use of memory after it has been freed when handling file descriptors in the Display and Enhancement Controller DECON driver of the Display...

6.1 CVSS · 4.8 AI score · 0.0089 EPSS
Exploits 0 · References 13

BDU FSTEC
added 2020/12/01 12:0 a.m. · 4 views

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software allows a perpetrator to gain unauthorized access to protected information, enabling read, modify, or delete operations on data.

The vulnerability of the REST API interface of the Cisco IoT Field Network Director software lies in the absence of an authentication mechanism for accessing the database. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected informatio...

10 CVSS · 7.8 AI score · 0.02173 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/11/18 7:15 p.m. · 3 views

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

9.8 CVSS · 7.3 AI score · 0.02173 EPSS
Exploits 0 · References 1