46 matches found
EUVD-2023-41371
Malicious code in bioql PyPI...
EUVD-2023-40843
Malicious code in bioql PyPI...
EUVD-2022-53044
Malicious code in bioql PyPI...
EUVD-2023-44902
Malicious code in bioql PyPI...
EUVD-2023-41370
Malicious code in bioql PyPI...
EUVD-2023-45177
Malicious code in bioql PyPI...
EUVD-2023-36379
Malicious code in bioql PyPI...
CVE-2023-32111
In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...
CVE-2022-31590
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...
SAP PowerDesigner Input Validation Error Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. An input validation error vulnerability exists in SAP PowerDesigner version 16.7, which stems from an inability to adequately validate a BPMN2 XML document imported from an untrusted source. An attacker could exploit this...
CVE-2023-40310
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
Xxe
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
CVE-2023-40310 Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
CVE-2023-40310 Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
SAP PowerDesigner 安全漏洞
SAP PowerDesigner is a database design software from SAP Germany. An input validation error vulnerability exists in SAP PowerDesigner version 16.7, which stems from an inability to adequately validate a BPMN2 XML document imported from an untrusted source. An attacker could exploit this...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP Netweaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...
SAP PowerDesigner Code Injection Vulnerability (CNVD-2024-23328)
SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...
CVE-2023-40621
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
CVE-2023-40621 Code Injection vulnerability in SAP PowerDesigner Client
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
SAP PowerDesigner 代码注入漏洞
SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...