642 matches found
The vulnerability of the specialized software development environment SCADAPack Workbench allows a perpetrator to transfer data from local files to a remote system.
The vulnerability of the specialized software development environment SCADAPack Workbench arises from incorrect restrictions on XML references to external objects. This allows attackers to transfer data from local files to a remote system...
The vulnerability of the iotdb-web-workbench component of the IoT database for Apache IoTDB allows a hacker to escalate their privileges.
The vulnerability of the iotdb-web-workbench component of the IoT database solution from Apache IoTDB is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to enhance their privileges remotely...
CVE-2023-24829
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....
PYSEC-2023-5
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....
CVE-2023-24829 Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....
CVE-2023-24829
CVE-2023-24829 involves an Incorrect Authorization vulnerability in the iotdb-web-workbench component of Apache IoTDB. The issue affects iotdb-web-workbench from 0.13.0 up to versions before 0.13.3, and is fixed starting with 0.13.3. iotdb-web-workbench is an optional web console for IoTDB. Conse...
CVE-2023-24829 Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13....
CVE-2023-24830 Apache IoTDB Workbench: apache/iotdb-web-workbench: create a user without authorization
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3...
Vulnerabilities fixed in Oracle MySQL
Vulnerabilities have been fixed in Oracle MySQL. The vulnerabilities allow a malicious party to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User Rights Access to sensitive data Oracle has fixed vulnerabilities i...
Security Bulletin: Multiple security vulnerabilities in the IBM InfoSphere Information Server Suite.
Abstract Security Bulletin: Multiple security vulnerabilities in the IBM InfoSphere Information Server Suite. Content SUMMARY: Security vulnerabilities exist in various versions of IBM Information Server or constituent products. Note: The same fix may be listed under multiple vulnerabilities...
GHSA-G43X-PCC9-F472 Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to change the contents of the Topaz Workbench CLI home directory on agents to have Jenkins parse a crafted file that uses...
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to change the contents of the Topaz Workbench CLI home directory on agents to have Jenkins parse a crafted file that uses...
Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench is vulnerable to a denial of service attack in Spring Framework (CVE-2022-22971)
Summary Spring Framework is vulnerable to a security issue affecting Rational Test Control Panel Vulnerability Details CVEID:CVE-2022-22971 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. By sending a...
CVE-2022-2463
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM leve...
CVE-2022-2465
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if...
CVE-2022-2464
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing fil...
CVE-2022-2463
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM leve...
CVE-2022-2464
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing fil...
CVE-2022-2465
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if...
Path traversal
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM leve...