87 matches found
CVE-2023-26097
Telindus Apsal is affected: version 3.14.2022.235 b may allow unauthorized actions that could modify the application behavior and may not be blocked. Connected sources confirm the affected software and the general impact (unauthorized actions impacting behavior) but do not provide a technical roo...
smarty Cross-site Scripting vulnerability in Javascript escaping
Impact: An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...
A vulnerability in the libacl.so.1 library of the “EMIAS” operating system allows attackers to execute unintended logic and other unexpected behaviors in applications.
The vulnerability in the “libacl.so.1” library of the “EMIAS” operating system is related to the use of an erroneous operator. Exploiting this vulnerability may allow attackers to execute unintended logic and other unexpected behaviors in the application...
CVE-2022-31593
SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
Code injection
SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
ROS-20220407-03
A vulnerability in the Python client library is related to insufficient validation of user input data in the FTP (File Transfer Protocol) library when it is used in PASV (passive) mode. Exploitation of the vulnerability could allow...
Deserialization of Untrusted Data in bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure...
GHSA-4JWP-VFVF-657P Deserialization of Untrusted Data in bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure...
CVE-2021-4044
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO...
CVE-2021-44231
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
Code injection
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
CVE-2021-44231
The CVE-2021-44231 issue is linked to SAP NetWeaver AS ABAP (and related ABAP server components) with a code-injection vulnerability in internally used text-extraction reports. The connected Nessus entry for SAP NetWeaver ABAP (3119365) describes a vulnerability where an attacker could inject cod...
Code injection
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...
in fisharebest/webtrees
Description: The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. The Forgot Password feature can be exploited to conduct user enumeration. If the given email exists in the...
IBM Cognos Analytics Gain Access Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics has a...
CVE-2021-20461
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...
CVE-2021-20461
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...
Default configuration
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...
CVE-2021-20461
IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...
SUSE SLES11 Security Update : openssl (SUSE-SU-2021:14670-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14670-1 advisory. - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length...