Lucene search

87 matches found

CVE
added 2023/04/24 12:00 a.m., 53 views

CVE-2023-26097

Telindus Apsal is affected: version 3.14.2022.235 b may allow unauthorized actions that could modify the application behavior and may not be blocked. Connected sources confirm the affected software and the general impact (unauthorized actions impacting behavior) but do not provide a technical roo...

CVSS 8.4 | AI score 5.5 | EPSS 0.00188
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2023/03/29 6:31 p.m., 53 views

smarty Cross-site Scripting vulnerability in Javascript escaping

Impact: An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

CVSS 7.1 | AI score 7 | EPSS 0.01025
Exploits: 0 | References: 9 | Affected Software: 1
BDU FSTEC
added 2022/09/22 12:00 a.m., 6 views

The vulnerability of the “EMIAS” operating system’s libacl.so.1 library allows attackers to execute unintended logic and other unexpected behaviors in applications.

The vulnerability of the “libacl.so.1” library in the “EMIAS” operating system is related to the use of an erroneous operator. Exploiting this vulnerability may allow attackers to execute unintended logic and other unexpected behaviors in the application...

CVSS 4 | AI score 5.6
Exploits: 0 | Affected Software: 2
OSV
added 2022/07/12 9:15 p.m., 5 views

CVE-2022-31593

SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

CVSS 8.8 | AI score 5.8 | EPSS 0.00838
Exploits: 0 | References: 2
Prion
added 2022/07/12 9:15 p.m., 19 views

Code injection

SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

CVSS 6.5 | AI score 8.6 | EPSS 0.00838
Exploits: 0 | References: 2 | Affected Software: 1
Redos
added 2022/04/07 12:00 a.m., 85 views

ROS-20220407-03

A vulnerability in the Python client library is related to insufficient validation of user input data in the FTP (File Transfer Protocol) library when it is used in PASV (passive) mode. Exploitation of the vulnerability could allow...

CVSS 7.5 | AI score 6.7 | EPSS 0.08325
Exploits: 1
Github Security Blog
added 2022/02/10 11:30 p.m., 48 views

Deserialization of Untrusted Data in bson

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure...

CVSS 5.5 | AI score 3.3 | EPSS 0.00906
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/02/10 11:30 p.m., 21 views

GHSA-4JWP-VFVF-657P Deserialization of Untrusted Data in bson

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure...

CVSS 5.4 | AI score 5.3 | EPSS 0.00906
Exploits: 0 | References: 3
AlpineLinux
added 2021/12/14 6:40 p.m., 47 views

CVE-2021-4044

Internally libssl in OpenSSL calls X509_verify_cert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error, for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...

CVSS 7.5 | AI score 7.4 | EPSS 0.50099
Exploits: 0
NVD
added 2021/12/14 4:15 p.m., 23 views

CVE-2021-44231

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

CVSS 9.8 | EPSS 0.01294
Exploits: 0 | References: 2
Prion
added 2021/12/14 4:15 p.m., 20 views

Code injection

Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

CVSS 7.5 | AI score 9.3 | EPSS 0.01294
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2021/12/14 3:44 p.m., 62 views

CVE-2021-44231

The CVE-2021-44231 issue is linked to SAP NetWeaver AS ABAP (and related ABAP server components) with a code-injection vulnerability in internally used text-extraction reports. The connected Nessus entry for SAP NetWeaver ABAP (3119365) describes a vulnerability where an attacker could inject cod...

CVSS 9.8 | AI score 9.3 | EPSS 0.01294
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2021/10/12 3:15 p.m., 23 views

Code injection

Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application...

CVSS 7.5 | AI score 9.4 | EPSS 0.01123
Exploits: 0 | References: 2 | Affected Software: 1
Huntr
added 2021/09/05 12:50 p.m., 9 views

in fisharebest/webtrees

✍️ Description: The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. The Forgot Password feature can be exploited to conduct user enumeration. If the given email exists in the...

Exploits: 0 | References: 1
CNVD
added 2021/07/01 12:00 a.m., 6 views

IBM Cognos Analytics Gain Access Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics has a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00951
Exploits: 0 | References: 1
OSV
added 2021/06/30 2:15 p.m., 7 views

CVE-2021-20461

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...

CVSS 6.5 | AI score 5.8 | EPSS 0.00951
Exploits: 0 | References: 3
NVD
added 2021/06/30 2:15 p.m., 18 views

CVE-2021-20461

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...

CVSS 6.5 | EPSS 0.00951
Exploits: 0 | References: 3
Prion
added 2021/06/30 2:15 p.m., 24 views

Default configuration

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...

CVSS 4 | AI score 6.2 | EPSS 0.00951
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2021/06/30 1:25 p.m., 19 views

CVE-2021-20461

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. An attacker could potentially bypass business logic to modify the appearance and behavior of the application. IBM X-Force ID: 196770...

CVSS 4.3 | AI score 6.3 | EPSS 0.00951
Exploits: 0 | References: 3
Tenable Nessus
added 2021/06/10 12:00 a.m., 30 views

SUSE SLES11 Security Update : openssl (SUSE-SU-2021:14670-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14670-1 advisory. - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length...

CVSS 7.5 | AI score 6.6 | EPSS 0.50732
Exploits: 0 | References: 7