Lucene search
474 matches found

Positive Technologies
added 2022/06/22 12:0 a.m. · 2 views

PT-2023-4305 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 103.0.5060.53 Description: The issue is related to a use after free in the Media component, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. This can be exploited by a remote...

CVSS 10 · AI score 6.6 · EPSS 0.01489
Exploits 3 · References 44

BDU FSTEC
added 2022/06/14 12:0 a.m. · 4 views

The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory, allowing attackers to read arbitrary files.

The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to read arbitrary files using a specially created HTTP request...

CVSS 6.8 · AI score 5.7 · EPSS 0.01197
Exploits 0 · References 3 · Affected Software 3

ATTACKERKB
added 2022/05/31 12:0 a.m. · 4 views

CVE-2022-29097

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application...

CVSS 4.9 · AI score 6 · EPSS 0.01209
Exploits 0 · References 2

NVD
added 2022/05/25 2:15 p.m. · 10 views

CVE-2021-32966

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVSS 7.5 · EPSS 0.00423
Exploits 0 · References 1

Prion
added 2022/05/25 2:15 p.m. · 15 views

Design/Logic Flaw

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDA...

CVSS 4.3 · AI score 7.2 · EPSS 0.00423
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/05/24 12:0 a.m. · 1 views

PT-2022-6774 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 102.0.5005.61 Description: The issue is related to a use after free in the UI of Google Chrome, which allows a remote attacker to perform arbitrary read/write via a crafted HTML page. This can potentially enabl...

CVSS 10 · AI score 6.8 · EPSS 0.00862
Exploits 4 · References 73

OSV
added 2022/05/14 2:48 a.m. · 0 views

GHSA-JJQ8-VFJQ-J6V4 Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch

Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls...

CVSS 5 · AI score 7.3 · EPSS 0.9175
Exploits 7 · References 6

OSV
added 2022/05/09 12:15 p.m. · 2 views

CVE-2022-30286

pyscriptjs aka PyScript Demonstrator in PyScript through 2022-05-04 allows a remote user to read Python source code...

CVSS 7.5 · AI score 7.2 · EPSS 0.12997
Exploits 4 · References 5

ATTACKERKB
added 2022/05/04 6:15 p.m. · 2 views

CVE-2022-29943

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity XXE processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201...

CVSS 6.8 · AI score 6.6 · EPSS 0.00769
Exploits 0 · References 3

Positive Technologies
added 2022/04/26 12:0 a.m. · 2 views

PT-2022-6775 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 101.0.4951.41 Description: The issue is related to a use after free in Base Internals, allowing a remote attacker to perform arbitrary read/write via a crafted HTML page. This can be exploited by a remote...

CVSS 10 · AI score 6.8 · EPSS 0.01029
Exploits 25 · References 97

Positive Technologies
added 2022/04/19 12:0 a.m. · 3 views

PT-2022-3108 · Oracle · Oracle Banking Payments

Name of the Vulnerable Software and Affected Versions: Oracle Banking Payments versions 14.5 Description: The issue is related to incorrect permission assignment for a critical resource in the Infrastructure component of Oracle Banking Payments. This can be exploited by a remote attacker to creat...

CVSS 6.1 · AI score 5.5 · EPSS 0.00592
Exploits 0 · References 3

CNNVD
added 2022/04/01 12:0 a.m. · 3 views

GitLab Enterprise Edition and GitLab Community Edition Information Disclosure Vulnerability

GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. An information disclosure vulnerability exists in GitLab Enterprise Edition and GitLab Community Edition, which stems from the application outputting too much...

CVSS 4.3 · AI score 5.1 · EPSS 0.00693
Exploits 0 · References 5

BDU FSTEC
added 2022/03/30 12:0 a.m. · 4 views

The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain read access to data and compromise its integrity.

The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data and compromise its integri...

CVSS 6.1 · AI score 6.8 · EPSS 0.00825
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/03/25 7:15 p.m. · 1 views

CVE-2022-0988

Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cleartext transmission as the web application runs by default on HTTP. This could allow an attacker to remotely read transmitted information between the client and product...

CVSS 7.5 · AI score 5.8
Exploits 0 · References 1

BDU FSTEC
added 2022/03/11 12:0 a.m. · 3 views

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, which allows an attacker to read and modify configuration data.

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages. Exploiting this vulnerability allows a malicious actor to read and modify configuration data remotely...

CVSS 10 · AI score 8 · EPSS 0.01798
Exploits 0 · References 5

Positive Technologies
added 2022/03/01 12:0 a.m. · 3 views

PT-2022-6781 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 99.0.4844.51 Description: The issue is related to a use after free in the Accessibility component of Google Chrome, which could allow a remote attacker to perform arbitrary read/write operations via a crafted...

CVSS 10 · AI score 6.7 · EPSS 0.01677
Exploits 5 · References 69

RedHat Linux
added 2022/01/27 7:59 p.m. · 7 views

OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.4 · EPSS 0.02825
Exploits 0 · References 4

RedHat Linux
added 2022/01/27 3:28 p.m. · 3 views

OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.4 · EPSS 0.02825
Exploits 0 · References 4

RedHat Linux
added 2022/01/27 2:20 p.m. · 4 views

OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.4 · EPSS 0.02877
Exploits 0 · References 4

RedHat Linux
added 2022/01/27 2:14 p.m. · 2 views

OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVSS 5.3 · AI score 7.4 · EPSS 0.02825
Exploits 0 · References 4