380 matches found
CVE-2022-4224 CODESYS: Exposure of Resource to Wrong Sphere in CODESYS V3
In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device...
CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...
CVE-2023-26457
SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data...
CVE-2023-23857
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...
PT-2023-20650 · Sap · Sap Content Server
Name of the Vulnerable Software and Affected Versions: SAP Content Server version 7.53 Description: The issue results from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some...
SAP NetWeaver AS Authorization Issue Vulnerability
SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but also is the basic platform for SAP software. SAP NetWeaver AS version 7.50 has an authorization problem vulnerability, which stems from the lack of authentication checks and can be...
SUSE CVE-2013-4956
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to rea...
SUSE CVE-2017-10242
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
SUSE CVE-2020-2593
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
SUSE CVE-2020-2767
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...
The vulnerability of the GE Proficy Historian industrial data management platform, related to deficiencies in access control, allows an intruder to gain read, modify, or delete access to files.
The vulnerability of the GE Proficy Historian industrial data management platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to files...
PT-2023-7515 · Tp Link · Tp-Link Archer Vr1600V
Name of the Vulnerable Software and Affected Versions: TP-Link Archer VR1600V versions = 0.1.0, 0.9.1 v5006.0 Build 220518 Rel.32480n Description: A command injection issue exists in the administrative web portal of TP-Link Archer VR1600V devices. This allows remote attackers, authenticated as...
The vulnerability of the Android operating system’s exchange buffer in Samsung mobile devices allows a hacker to gain access to read, modify, or delete files.
The vulnerability of the exchange buffer in Android mobile devices from Samsung is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete files...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain unauthorized access to read, modify, or add data, or to cause a service failure.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add data, or cause a service...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...
The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform allows a malicious individual to gain unauthorized access to read, modify, or add data, or to cause service interruptions.
The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add...
CVE-2022-21552
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Search. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter...
The management interface of the Fortinet FortiDeceptor is vulnerable, allowing attackers to gain read, modify, or delete access to data. This vulnerability enables attackers to manipulate security measures in response to external and internal security threats.
The vulnerability of the management interface for detecting and responding to external and internal security threats in Fortinet’s FortiDeceptor involves errors in processing the relative path to the catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain read...
CVE-2022-20742
A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementatio...
CVE-2022-21450
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub product of Oracle PeopleSoft component: My Links. The supported version that is affected is 9.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL...