244 matches found
CVE-2023-32227
The CVE-2023-32227 entry concerns Synel SYnergy Fingerprint Terminals with CWE-798 (Use of Hard-coded Credentials). Connected sources confirm a vulnerability in the Synel SYnergy line where credentials are hard-coded, enabling high-impact exposure (CVE metrics show CVSS v3.1 base score 9.8, netwo...
Synel Industries SYnergy Fingerprint Terminals 操作系统命令注入漏洞
Synel Industries SYnergy Fingerprint Terminals are a series of fingerprint recognition terminals from Synel Industries. These terminals are designed to provide an efficient employee time and attendance and access control solution that utilizes fingerprint recognition technology for fast and...
Synel Industries SYnergy Fingerprint Terminals 信任管理问题漏洞
Synel Industries SYnergy Fingerprint Terminals are a series of fingerprint recognition terminals from Synel Industries. These terminals are designed to provide an efficient employee time and attendance and access control solution that utilizes fingerprint recognition technology for fast and...
hrsynergy.online Cross Site Scripting vulnerability OBB-3403113
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2020-15117
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
Vulnerability fixed in Exact Synergy
A vulnerability has been fixed in Exact Synergy Enterprise. The vulnerability allows a malicious party to use Cross-Site Scripting XSS to execute arbitrary code under the rights of the user. A malicious party needs to be authenticated to be able to see within the application a profile picture, in...
CVE-2022-45338
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2022-45338
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2022-45338
The CVE-2022-45338 issue affects Exact Synergy Enterprise 267 (pre-267SP13) and 500 (pre-500SP6). It is an arbitrary file upload vulnerability in the profile picture upload function that permits executing arbitrary code via a crafted SVG file. Affected component: profile picture upload handler; r...
CVE-2022-45338
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...
Exact Synergy Enterprise 代码问题漏洞
Exact Synergy Enterprise is a platform from Dutch company Exact that handles all business processes and integrates them with ERP systems. A security vulnerability exists in Exact Synergy Enterprise versions prior to 267 267SP13 and Exact Synergy Enterprise versions prior to 500 500SP6, which stem...
CVE-2022-45338
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...
Autodesk Moldflow 缓冲区错误漏洞
Autodesk Moldflow is a software simulation from the American company Autodesk. It can show how the resin fills the mold during the injection molding process. A security vulnerability exists in Autodesk Moldflow version 2021, 2019 that originates from a maliciously crafted used through the Moldflo...
Autodesk FBX-SDK 缓冲区错误漏洞
Autodesk FBX-SDK is a C++ software development platform and API toolkit from Autodesk, Inc. that is primarily used to convert existing content to FBX format. A security vulnerability exists in Autodesk FBX-SDK version 2020 and prior versions, which stems from a maliciously crafted file used throu...
Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.
Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...
CVE-2022-33883
A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...
CVE-2022-33883
A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...
CVE-2022-33883
A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...
Memory corruption
A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...