CVE-2023-37287

SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes...

The vulnerability of the Jenkins Cisco Spark Notifier Plugin, related to deficiencies in access control, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Jenkins Cisco Spark Notifier Plugin is related to deficiencies in access control when processing HTTP endpoints. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

SUSE CVE-2023-33552

Heap Buffer Overflow in the erofsreadonedata function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel erofs-utils version v1.6, which stems from the discovery of a heap buffer overflow in the erofsreadonedata function in data....

CVE-2023-20110

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validat...

CVE-2023-20184

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

Mozilla: Potential memory corruption in FileReader::DoReadData()

The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit...

Mozilla: Potential memory corruption in FileReader::DoReadData()

The Mozilla Foundation Security Advisory describes this flaw as: When reading a file, an uninitialized value could have been used as read limit...

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools, a resource management system, allows a perpetrator to gain access to read, modify, add, or delete data.

The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data...

CVE-2023-31435

Multiple components such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly...

CVE-2023-21927

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Interoperability SEC. Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards...

CVE-2023-21902

Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications component: Application. The supported version that is affected is 8.0.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2023-24527

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : qemu (SUSE-SU-2023:0879-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0879-1 advisory. - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing t...

The vulnerability of the database server of the software solution for monitoring the status of B&R APROL industrial systems allows a hacker to read and modify configuration data.

The vulnerability of the database server of the B&R APROL software solution for monitoring the status of industrial systems is related to the absence of an authentication procedure. Exploiting this vulnerability allows a malicious actor to read and modify configuration data remotely...

SAP Solution Manager 代码注入漏洞

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

Eternal Terminal 后置链接漏洞

Eternal Terminal is a remote shell by Jason Gauci Personal Developer. A security vulnerability exists in Eternal Terminal version 6.2.1, which stems from the use of fixed paths, and can be exploited by an attacker to read sensitive information or modify information...

SUSE CVE-2004-1065

Buffer overflow in the exifreaddata function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file...

SUSE CVE-2008-3110

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet...

SUSE CVE-2010-1848

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. dot dot in a table name...