923 matches found
CVE-2024-34453
TwoNav 2.1.13 contains an SSRF vulnerability via the url parameter to index.php?c=api&method=readdata&type=connectivitytest which reaches /system/api.php...
CVE-2024-3479
An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider com.motorola.server.enterprise.MotoDpmsProvider that could allow a local attacker to read local data...
Motorola Phone Calls Security Vulnerability
Motorola Phone Calls is a cell phone application from Motorola USA. A security vulnerability exists in Motorola Phone Calls that stems from an incorrect export vulnerability that could allow a local attacker to read unauthorized information...
Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, which allows attackers to gain unauthorized access for reading, adding, modifying, or deleting protected information.
The vulnerability of the Server component, specifically the Security: Privileges section of the Oracle MySQL Server database management system, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, add,...
mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
CVE-2024-21072
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: Data Provider UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...
CVE-2024-21038
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2024-31784
An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component...
PT-2024-14673 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability has been resolved in the Linux kernel related to the libceph component. The issue occurs when a short read happens while reading the message footer from the socket...
CVE-2024-29239
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information...
CVE-2024-2453
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database...
DEBIAN-CVE-2024-28580
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the ReadData function when reading images in RAS format...
FitNesse Security Breach
FitNesse is a fully integrated standalone wiki and acceptance testing framework. A security vulnerability exists in FitNesse that stems from the presence of an XML External Entity Misreference vulnerability that could allow an unauthenticated, remote attacker to obtain sensitive information, alte...
Mitsubishi Electric MELSEC-Q and MELSEC-L Security Vulnerability
The Mitsubishi Electric MELSEC-Q Series is a series of programmable logic controllers from Mitsubishi Electric of Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC-Q and MELSEC-L that stems from an incorrect pointer scaling vulnerability in the CPU module, which allow...
UBUNTU-CVE-2023-52566
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If the reference count hits 0 and it...
CentOS 9 : qemu-kvm-7.1.0-2.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the qemu-kvm-7.1.0-2.el9 build changelog. - heap buffer overflow in DMA read data transfers rhel-9.0 CVE-2021-3507 Note that Nessus has not tested for this issue but has instead relied onl...
Cisco Unified Intelligence Center Security Vulnerabilities
Cisco Unified Intelligence Center is a Web-based reporting platform from Cisco of the United States. The platform provides for the presentation of report-related business data and call center data. A security vulnerability exists in Cisco Unified Intelligence Center, which stems from...
CVE-2024-20941
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: HTML UI. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful...
CVE-2024-26262
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even...
CVE-2024-22131
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...