924 matches found

OSV
added 2024/02/13 3:15 a.m. · 2 views

CVE-2024-22131

In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...

7.2 CVSS · 5.9 AI score
Exploits 0 · References 2
BDU FSTEC
added 2024/02/12 12:0 a.m. · 5 views

A vulnerability in GitLab, the Git-based platform for collaborative code development, stems from deficiencies in access control mechanisms. It allows attackers to gain read and edit access to data.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain read and edit access to data...

6.5 CVSS · 6.6 AI score · 0.0038 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/02/09 12:0 a.m. · 4 views

A vulnerability in the Qsync Central file synchronization application arises from the improper assignment of permissions to a critical resource. It allows a malicious actor to read, modify, or delete data.

The vulnerability of the Qsync Central file synchronization application is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker who operates remotely to gain access to read, modify, or delete data...

9 CVSS · 7.5 AI score · 0.01014 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/01/24 12:0 a.m. · 3 views

A vulnerability in the LOV components of Oracle Complex Maintenance, Repair, and Overhaul allows an attacker to read, modify, add, or delete data.

The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...

6.4 CVSS · 6.8 AI score · 0.00168 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/01/22 12:0 a.m. · 5 views

The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the DB Privileges component of the Oracle Application Object Library in the Oracle E-Business Suite system for enterprise automation activities is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gai...

6.5 CVSS · 6.9 AI score · 0.00322 EPSS
Exploits 0 · References 3 · Affected Software 2
OSV
added 2024/01/16 10:15 p.m. · 6 views

CVE-2024-20928

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...

6.1 CVSS · 7.3 AI score · 0.00326 EPSS
Exploits 0 · References 1
OSV
added 2024/01/16 10:15 p.m. · 4 views

CVE-2024-20914

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to...

2.3 CVSS · 7.3 AI score · 0.00188 EPSS
Exploits 0 · References 1
CNNVD
added 2023/12/22 12:0 a.m. · 4 views

Amazon Sandbox Accounts for Events Security Breach

Amazon Sandbox Accounts for Events is an application from Amazon.com, Inc. It allows multiple temporary AWS accounts to be made available to multiple authenticated users at the same time through a browser-based GUI. A security vulnerability exists in Amazon Sandbox Accounts for Events prior to...

7.8 CVSS · 6.9 AI score · 0.00169 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2023/12/21 12:0 a.m. · 5 views

The vulnerability of the SMS sending function in OMICARD’s marketing messaging system allows a hacker to execute arbitrary SQL code and gain access to read, modify, or delete data.

The vulnerability of the SMS sending function in OMICARD’s marketing messaging system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL code and gain access to read, modify, or delete data...

10 CVSS · 8.2 AI score · 0.01062 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/12/14 12:0 a.m. · 3 views

Dell Virtual Appliance Manager Security Vulnerability

Dell Virtual Appliance Manager is a virtual appliance manager from Dell USA. An arbitrary file read vulnerability exists in Dell Virtual Appliance Manager, which can be exploited by an attacker to read arbitrary files from the target system...

4.9 CVSS · 6.7 AI score · 0.00588 EPSS
Exploits 0 · References 2
OSV
added 2023/12/12 2:15 a.m. · 3 views

CVE-2023-49587

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

6.4 CVSS · 6.7 AI score · 0.00408 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/12/11 12:0 a.m. · 7 views

PT-2023-25656 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2. Description: A SQL Injection issue exists in the users searching REST API endpoint, allowing remote authenticated attackers to read database data via SQL commands injected in the search parameter...

4.3 CVSS · 4.9 AI score · 0.00598 EPSS
Exploits 1 · References 5
Positive Technologies
added 2023/12/07 12:0 a.m. · 1 views

PT-2023-9536 · Oracle +1 · Mysql Server

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.4.2 and prior; MySQL Server versions 9.0.1 and prior. Description: The issue is related to insufficient protection of internal data due to incorrect input validation in the Server: Telemetry component of MySQL Server. Th...

2.2 CVSS · 7.9 AI score · 0.00639 EPSS
Exploits 0 · References 11
Positive Technologies
added 2023/11/20 12:0 a.m. · 5 views

PT-2023-23194 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.2.2. Description: The issue allows a local attacker to obtain confidential information or rewrite sensitive files due to incorrect default permissions. Recommendations: For OpenHarmony versions prior to 3.2.2,...

7.3 CVSS · 6.6 AI score · 0.00184 EPSS
Exploits 0 · References 4
OSV
added 2023/11/10 6:15 p.m. · 31 views

PYSEC-2023-241

Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction savepoints in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a savepoints name...

9.1 CVSS · 6 AI score · 0.00776 EPSS
Exploits 1 · References 3
RedHat Linux
added 2023/11/07 9:3 a.m. · 2 views

kernel: VMCI: Use threaded irqs instead of tasklets

In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets. The vmci_dispatch_dgs() tasklet function calls vmci_read_data(), which uses wait_event(), resulting in invalid sleep in an atomic context and therefore potentially in a deadlock. Use threaded irqs t...

5.5 CVSS · 6.2 AI score · 0.00121 EPSS
Exploits 0 · References 5
OSV
added 2023/11/03 5:15 p.m. · 3 views

CVE-2023-39301

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS...

4.3 CVSS · 5.7 AI score · 0.00335 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/11/01 12:0 a.m. · 4 views

The vulnerability of the SAP CommonCryptoLib library, related to deficiencies in authentication procedures, allows attackers to read, modify, or delete data with limited access.

The vulnerability of the SAP CommonCryptoLib library is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to read, modify, or delete data with limited access...

10 CVSS · 7.7 AI score · 0.00748 EPSS
Exploits 0 · References 3 · Affected Software 8
BDU FSTEC
added 2023/10/21 12:0 a.m. · 5 views

A vulnerability in the SICAM PAS/PQS automation software for controlling electrical energy facilities lies in the improper assignment of permissions for critical resources during the verification of the certificate signing request. It allows an attacker to read and modify configuration data within the context of the application process.

The vulnerability of the SICAM PAS/PQS software for automating control systems in electrical energy facilities is related to the incorrect assignment of permissions to critical resources. Exploiting this vulnerability could allow an attacker to read and modify configuration data during the...

6.6 CVSS · 5.5 AI score · 0.00149 EPSS
Exploits 0 · References 2 · Affected Software 1
Microsoft CVE
added 2023/10/20 7:0 a.m. · 2 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

...

2.7 CVSS · 7 AI score · 0.00809 EPSS
Exploits 0