Lucene search
K

16 matches found

OSV
OSV
added 2025/08/13 3:30 p.m.3 views

GHSA-23HV-MWM6-G8JF Apache Tomcat Session Fixation vulnerability

Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...

6.5CVSS5.8AI score0.00775EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/02/14 4:2 a.m.5 views

SUSE CVE-2024-54682

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, 9.5.x = 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...

4.9CVSS6.5AI score0.00416EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

Adobe Substance 3D Painter 缓冲区错误漏洞

Adobe Substance 3D Painter is a 3D texturing application from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance 3D Painter version 10.1.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8CVSS7.5AI score0.00265EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.6 views

HCL Technologies Workload Automation 代码问题漏洞

HCL Technologies Workload Automation is a workload automation software from HCL Technologies India. It refers to the use of software to schedule, manage and execute various business tasks and processes with minimal human intervention. A security vulnerability exists in HCL Technologies Workload...

8.1CVSS7.7AI score0.00821EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.5 views

SUSE CVE-2013-0626

Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610...

10CVSS8.2AI score0.0784EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.4 views

Johnson Controls Metasys ADS/ADX/OAS 安全漏洞

Johnson Controls Metasys ADS/ADX/OAS Servers is an application and data server from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls Metasys ADS/ADX/OAS version 10 up to and including 10.1.6, and version 11 up to and including 11.0.3, which stems from insufficient...

7.8CVSS7.2AI score0.00418EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/12 12:0 a.m.6 views

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979...

6.5CVSS6.6AI score0.0084EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.4 views

华为智能手机安全漏洞

Huawei phones are smartphones from Huawei, a Chinese company. A security vulnerability exists in multiple Huawei SmartPhones that stems from a lack of effective permission granting and access control measures in the product. The vulnerability can be exploited by an attacker to affect the normal u...

7.5CVSS7.5AI score0.00641EPSS
Exploits0References2
CNVD
CNVD
added 2020/12/24 12:0 a.m.2 views

IBM DB2 Denial of Service Vulnerability (CNVD-2020-73751)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM DB2 9.7, 10.1, 10.5, 11.1, 11.5. A local attacker can...

6.2CVSS6.5AI score0.00365EPSS
Exploits0References1
OSV
OSV
added 2020/06/15 2:15 p.m.2 views

CVE-2020-4469

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix...

9.8CVSS7.7AI score0.13388EPSS
Exploits0References3
CNVD
CNVD
added 2020/06/15 12:0 a.m.3 views

IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2020-33087)

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...

6.5CVSS6.3AI score0.0094EPSS
Exploits0References1
OSV
OSV
added 2019/10/08 8:15 p.m.5 views

CVE-2019-0370

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...

6.5CVSS6.6AI score0.00721EPSS
Exploits0References2
OSV
OSV
added 2018/09/21 1:29 p.m.3 views

CVE-2018-1711

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369...

7.8CVSS5.8AI score0.00369EPSS
Exploits0References4
OSV
OSV
added 2018/05/25 2:29 p.m.6 views

CVE-2018-1459

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

7.8CVSS6.2AI score0.00514EPSS
Exploits0References3
CNVD
CNVD
added 2017/09/01 12:0 a.m.3 views

IBM Emptoris Sourcing Cross-Site Scripting Vulnerability (CNVD-2017-25049)

IBM Emptoris Sourcing is a source-to-contract solution from IBM USA. The solution helps organizations get affordable prices and greater value from suppliers by examining factors such as cost, risk and performance in sourcing decisions. A cross-site scripting vulnerability exists in IBM Emptoris...

5.4CVSS5.5AI score0.00627EPSS
Exploits0References1
OSV
OSV
added 2017/07/05 1:29 p.m.4 views

CVE-2017-1256

IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678...

6.1CVSS5.4AI score0.00842EPSS
Exploits0References3
Rows per page
Query Builder