1367 matches found
IBM Sterling Partner Engagement Manager and IBM X-Force Code Issue Vulnerability
IBM Sterling Partner Engagement Manager and IBM X-Force are both products of International Business Machines (IBM). IBM Sterling Partner Engagement Manager is an automated management tool. IBM X-Force is a cloud-based... IBM Sterling Partner Engagement Manager is an automated management tool. IBM Sterli...
A vulnerability in Waitress, the WSGI server for Python, related to flaws in HTTP request processing, allows attackers to access confidential data and compromise its integrity.
The vulnerability in Waitress, the WSGI server for Python, relates to the improper handling of special characters in the Transfer-Encoding header. Exploiting this vulnerability allows an attacker to remotely access confidential data and compromise its integrity through a specially crafted...
CVE-2022-37700
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information remote. The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig...
The vulnerability of the `calculate_gain` function in the `libfaad/sbr_hfadj.c` component of the Freeware Advanced Audio Decoder 2 (FAAD2) allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.
The vulnerability of the `calculate_gain` function in the `libfaad/sbr_hfadj.c` component of the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder is related to the lack of comparison with MAXM. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its...
The vulnerability of the amqp_handle_input function in the amqp_connection.c component of the RabbitMQ messaging broker allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the amqp_handle_input function in the amqp_connection.c component of the RabbitMQ messaging broker is related to the lack of checks on the frame size. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause...
Transtek Mojodat FAM Security Vulnerability
Transtek Mojodat FAM is a fixed asset management software from Transtek Lebanon. A security vulnerability exists in Transtek Mojodat FAM Fixed Asset Management version 2.4.6 that could allow a remote attacker to gain access to other users' data after a...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP protoco...
Online Market Place Site SQL Injection Vulnerability
Online Market Place Site is an online marketplace site by Carlo Montero Personal Developer. Online Market Place Site version 1.0 suffers from an unauthenticated blind SQL injection vulnerability that allows remote attackers to dump a SQL database via...
European Spyware Vendor Offering Android and iOS Device Exploits
By Deeba Ahmed. The proposal documents were leaked on a Russian hacking forum, showing Intellexa is offering remote data extraction from Android and iOS devices in exchange for $8 million. This is a post from HackRead.com. Read the original post: European Spyware Vendor Offering Android and iOS Devi...
CVE-2022-32453
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors...
The vulnerability of the Hotspot component in Java SE software platforms, specifically the Oracle GraalVM Enterprise Edition virtual machine, allows attackers to create, delete, or alter access to data.
The vulnerability of the Hotspot component in Java SE software platforms, as well as in the Oracle GraalVM Enterprise Edition virtual machine, is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to create, delete, or modify access to data...
The vulnerability of the Hotspot component in Java SE software platforms, specifically the Oracle GraalVM Enterprise Edition virtual machine, allows attackers to gain access to data.
The vulnerability of the Hotspot component in Java SE software platforms, specifically the Oracle GraalVM Enterprise Edition virtual machine, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data throug...
CVE-2022-20346
In updateAudioTrackInfoFromESDSMPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
PT-2022-6819 · Ppp +3 · Ppp +3
Name of the Vulnerable Software and Affected Versions: ppp (affected versions not specified). Description: The issue is related to the function dumpppp of the file pppdump/pppdump.c of the component pppdump. It involves improper validation of array index due to the manipulation of the argument...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain read access to data and modify it.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
CVE-2022-31775
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or...
CVE-2022-1873
CVE-2022-1873 applies to Google Chrome where insufficient policy enforcement in COOP allowed cross-origin data leakage via a crafted HTML page. The issue is tied to Chrome versions before 102.0.5005.61. Affected components: Chrome’s COOP handling in cross-origin contexts. Impact per sources: pote...
DEBIAN-CVE-2022-21549
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated...
CVE-2022-21562
Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middleware (component: Fabric Layer). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite...
PT-2022-4687 · Oracle · Oracle Banking Trade Finance
Name of the Vulnerable Software and Affected Versions: Oracle Banking Trade Finance version 14.5. Description: The issue exists due to insufficient input validation in the Infrastructure component of Oracle Banking Trade Finance, allowing a remote attacker to access, modify, add, or delete data vi...