Lucene search
+L

244 matches found

cve
cve
added 2023/07/30 8:3 a.m.48 views

CVE-2023-32227

The CVE-2023-32227 entry concerns Synel SYnergy Fingerprint Terminals with CWE-798 (Use of Hard-coded Credentials). Connected sources confirm a vulnerability in the Synel SYnergy line where credentials are hard-coded, enabling high-impact exposure (CVE metrics show CVSS v3.1 base score 9.8, netwo...

9.8CVSS9.7AI score0.00616EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2023/07/30 12:0 a.m.4 views

Synel Industries SYnergy Fingerprint Terminals 操作系统命令注入漏洞

Synel Industries SYnergy Fingerprint Terminals are a series of fingerprint recognition terminals from Synel Industries. These terminals are designed to provide an efficient employee time and attendance and access control solution that utilizes fingerprint recognition technology for fast and...

9.8CVSS8.4AI score0.01278EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/07/30 12:0 a.m.6 views

Synel Industries SYnergy Fingerprint Terminals 信任管理问题漏洞

Synel Industries SYnergy Fingerprint Terminals are a series of fingerprint recognition terminals from Synel Industries. These terminals are designed to provide an efficient employee time and attendance and access control solution that utilizes fingerprint recognition technology for fast and...

9.8CVSS8.4AI score0.00616EPSS
Exploits0References2
openbugbounty
openbugbounty
added 2023/06/07 7:6 p.m.18 views

hrsynergy.online Cross Site Scripting vulnerability OBB-3403113

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
susecve
susecve
added 2023/02/15 3:57 a.m.3 views

SUSE CVE-2020-15117

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...

6.5CVSS6.4AI score0.02494EPSS
Exploits0References3
ncsc
ncsc
added 2022/12/16 12:0 a.m.6 views

Vulnerability fixed in Exact Synergy

A vulnerability has been fixed in Exact Synergy Enterprise. The vulnerability allows a malicious party to use Cross-Site Scripting XSS to execute arbitrary code under the rights of the user. A malicious party needs to be authenticated to be able to see within the application a profile picture, in...

7.8CVSS6.8AI score0.00223EPSS
Exploits0
osv
osv
added 2022/12/15 11:15 p.m.1 views

CVE-2022-45338

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...

7.8CVSS6.1AI score0.00223EPSS
Exploits0References1
nvd
nvd
added 2022/12/15 11:15 p.m.13 views

CVE-2022-45338

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...

7.8CVSS0.00223EPSS
Exploits0References1
prion
prion
added 2022/12/15 11:15 p.m.13 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...

4.4CVSS7.8AI score0.00223EPSS
Exploits0References1Affected Software1
cve
cve
added 2022/12/15 12:0 a.m.56 views

CVE-2022-45338

The CVE-2022-45338 issue affects Exact Synergy Enterprise 267 (pre-267SP13) and 500 (pre-500SP6). It is an arbitrary file upload vulnerability in the profile picture upload function that permits executing arbitrary code via a crafted SVG file. Affected component: profile picture upload handler; r...

7.8CVSS7.8AI score0.00223EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2022/12/15 12:0 a.m.6 views

CVE-2022-45338

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...

7.8AI score0.00223EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/12/15 12:0 a.m.6 views

Exact Synergy Enterprise 代码问题漏洞

Exact Synergy Enterprise is a platform from Dutch company Exact that handles all business processes and integrates them with ERP systems. A security vulnerability exists in Exact Synergy Enterprise versions prior to 267 267SP13 and Exact Synergy Enterprise versions prior to 500 500SP6, which stem...

7.8CVSS7.6AI score0.00223EPSS
Exploits0References2
cvelist
cvelist
added 2022/12/15 12:0 a.m.20 views

CVE-2022-45338

An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file...

8AI score0.00223EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/10/14 12:0 a.m.8 views

Autodesk Moldflow 缓冲区错误漏洞

Autodesk Moldflow is a software simulation from the American company Autodesk. It can show how the resin fills the mold during the injection molding process. A security vulnerability exists in Autodesk Moldflow version 2021, 2019 that originates from a maliciously crafted used through the Moldflo...

7.8CVSS7.6AI score0.00387EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/10/14 12:0 a.m.6 views

Autodesk FBX-SDK 缓冲区错误漏洞

Autodesk FBX-SDK is a C++ software development platform and API toolkit from Autodesk, Inc. that is primarily used to convert existing content to FBX format. A security vulnerability exists in Autodesk FBX-SDK version 2020 and prior versions, which stems from a maliciously crafted file used throu...

7.8CVSS7.5AI score0.00397EPSS
Exploits0References2
ibm
ibm
added 2022/10/11 1:3 p.m.81 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2 Fix Pack 04 and earlier versions.

Summary Vulnerabilities in the Jetty 9.4.42 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2022-2191 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw with SslConnection does not release...

7.5CVSS7.3AI score0.99298EPSS
Exploits17Affected Software1
attackerkb
attackerkb
added 2022/10/03 3:15 p.m.2 views

CVE-2022-33883

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...

7.8CVSS6AI score0.0038EPSS
Exploits0References2
nvd
nvd
added 2022/10/03 3:15 p.m.19 views

CVE-2022-33883

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...

7.8CVSS0.0038EPSS
Exploits0References1
osv
osv
added 2022/10/03 3:15 p.m.3 views

CVE-2022-33883

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...

7.8CVSS6AI score0.0038EPSS
Exploits0References1
prion
prion
added 2022/10/03 3:15 p.m.17 views

Memory corruption

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context ...

4.4CVSS8AI score0.0038EPSS
Exploits0References1Affected Software4
Rows per page
Query Builder