167 matches found
GHSA-6247-7862-Q2PQ Apache Helix Front (UI) component contained a hard-coded secret
The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
CVE-2024-7490
The CVE-2024-7490 issue is a stack-based overflow in Microchip Advanced Software Framework’s tinydhcpserver implementation (lwip_dhcp_find_option) caused by improper input validation. Affects ASF through version 3.52.0.2574; no fixes in the ASF stack are provided, and Microchip states the framewo...
PT-2024-38288 · D Link · D-Link Dir-600
Name of the Vulnerable Software and Affected Versions: D-Link DIR-600 versions up to 2.18 Description: A critical issue affects the function soapcgi main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. This issue...
SUSE Enterprise Linux SEoL (11.3.x)
According to its version, SUSE Enterprise Linux is 11.3.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 809...
Apache Submarine Server Core has a SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
PYSEC-2024-98
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...
PYSEC-2024-97
UNSUPPORTED WHEN ASSIGNED Improper Authentication vulnerability in Apache Submarine Commons Utils. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or...
PT-2024-26939 · Apache · Apache Submarine Server Core
Name of the Vulnerable Software and Affected Versions: Apache Submarine Server Core affected versions not specified Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This affects products that are no long...
CVE-2024-3700 Hardcoded password in Estomed Sp. z o.o. Simple Care software
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer...
PT-2024-25823 · Apache · Apache Karaf Cave
Name of the Vulnerable Software and Affected Versions: Apache Karaf Cave versions all Description: The issue is related to an Improper Input Validation vulnerability. This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to find an...
GHSA-RR59-H6RH-V84V Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Improper Input Validation vulnerability in Apache Zeppelin SAP. This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance ...
PT-2024-3589 · Apache · Apache Zeppelin Sap
Name of the Vulnerable Software and Affected Versions: Apache Zeppelin SAP versions 0.8.0 through 0.10.x Description: The issue is related to improper input validation, which can be exploited by a remote attacker to disclose protected information or cause a denial of service using a specially...
Microsoft Windows 10 1809 Home SEoL
Microsoft Windows 10 1809 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Microsoft Windows 10 21H2 Home SEoL
Microsoft Windows 10 21H2 Home is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Microsoft Windows 10 1809 Enterprise LTSC SEoL
Microsoft Windows 10 1809 Enterprise LTSC is no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C Tenable, Inc...
GHSA-H595-VWHC-3XWX Apache Archiva Incorrect Authorization vulnerability
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do...
CVE-2023-5378
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown...
CVE-2023-7098 icret EasyImages hide.php path traversal
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as problematic was found in icret EasyImages 2.8.3. This vulnerability affects unknown code of the file app/hide.php. The manipulation of the argument key leads to path traversal: '../filedir'. The attack can be initiated remotely. The complexi...
GHSA-JPFP-XQ3P-4H3R Deis Workflow Manager race condition vulnerability
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...
Deis Workflow Manager race condition vulnerability
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...