CVE-2024-22131
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control mechanisms. This allows attackers to gain read and edit access to data.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain read and edit access to data...
The vulnerability of the Qsync Central file synchronization application arises from the improper assignment of permissions to a critical resource. This allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the Qsync Central file synchronization application is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker who operates remotely to gain access to read, modify, or delete data...
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite allows an attacker to gain access to read, modify, or delete data.
The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite system for enterprise automation activities is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gai...
CVE-2024-20928
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...
CVE-2024-20914
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to...
Amazon Sandbox Accounts for Events Security Breach
Amazon Sandbox Accounts for Events is an application from Amazon.com, Inc. It allows multiple temporary AWS accounts to be made available to multiple authenticated users at the same time through a browser-based GUI. A security vulnerability exists in Amazon Sandbox Accounts for Events prior to...
The vulnerability of the SMS sending function in OMICARD’s marketing messaging system allows an attacker to execute arbitrary SQL code and gain access to read, modify, or delete data.
The vulnerability of the SMS sending function in OMICARD’s marketing messaging system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code and gain access to read, modify, or delete data...
Dell Virtual Appliance Manager Security Vulnerability
Dell Virtual Appliance Manager is a virtual appliance manager from Dell USA. An arbitrary file read vulnerability exists in Dell Virtual Appliance Manager, which can be exploited by an attacker to read arbitrary files from the target system...
CVE-2023-49587
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...
PT-2023-25656 · Prolion · Prolion Cryptospike
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: A SQL Injection issue exists in the users searching REST API endpoint, allowing remote authenticated attackers to read database data via SQL commands injected in the search parameter...
PT-2023-9536 · Oracle +1 · Mysql Server
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.4.2 and prior; MySQL Server versions 9.0.1 and prior Description: The issue is related to insufficient protection of internal data due to incorrect input validation in the Server: Telemetry component of MySQL Server. Th...
PT-2023-23194 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.2.2 Description: The issue allows a local attacker to obtain confidential information or rewrite sensitive files due to incorrect default permissions. Recommendations: For OpenHarmony versions prior to 3.2.2,...
PYSEC-2023-241
Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...
kernel: VMCI: Use threaded irqs instead of tasklets
In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmci_dispatch_dgs() tasklet function calls vmci_read_data() which uses wait_event() resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...
CVE-2023-39301
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS...
The vulnerability of the SAP CommonCryptoLib library, related to deficiencies in authentication procedures, allows attackers to read, modify, or delete data with limited access.
The vulnerability of the SAP CommonCryptoLib library is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to read, modify, or delete data with limited access...
The vulnerability of the SICAM PAS/PQS automation software for controlling electrical energy facilities lies in the improper assignment of permissions for critical resources during verification of the certificate signing request. This allows an attacker to read and modify configuration data within the context of the application process.
The vulnerability of the SICAM PAS/PQS software for automating control systems in electrical energy facilities is related to the incorrect assignment of permissions to critical resources. Exploiting this vulnerability could allow an attacker to read and modify configuration data during the...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
...