87 matches found
VMware Spring Framework Code Injection Vulnerability
VMware Spring Framework is an open source Java, JavaEE application framework from VMware, Inc. A code injection vulnerability exists in Vmware Spring Framework, which stems from the RCE for data binding on JDK 9. No details of the vulnerability are currently available...
Orchard Coret Cross-Site Scripting Vulnerability
Net Core, an open source modular and multi-tenant application framework built using Asp.Net Core, and a content management system Cms built on top of the framework.A cross-site scripting vulnerability exists in Orchard Core, which stems from the lack of proper validation of client-side data in th...
Vmware Spring Framework has an unspecified vulnerability
Vmware Spring Framework is an open source Java, JavaEE application framework from Vmware, Inc. The framework helps developers build high-quality applications.Vmware Spring Framework has a security vulnerability that can be exploited by attackers to bypass Spring Framework access restrictions...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-3541 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack whic...
Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02347)
Oracle E-Business Suite is an extension of the original Application ERP, including ERP enterprise resource planning management, HR human resource management, CRM customer relationship management and other collections of management software, a seamlessly integrated management suite. Oracle...
CVE-2021-1460 Cisco IOx Application Framework Denial of Service Vulnerability
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers Industrial ISRs, Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of...
CVE-2021-1460 Cisco IOx Application Framework Denial of Service Vulnerability
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers Industrial ISRs, Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of...
CVE-2021-1460
The CVE-2021-1460 issue affects the Cisco IOx Application Framework running on Cisco 809/829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway. The root cause is insufficient error handling during packet processing in the IOx web server, which could be tr...
[SECURITY] Fedora 32 Update: php-horde-horde-5.2.23-1.fc32
The Horde Application Framework is a flexible, modular, general-purpose web application framework written in PHP. It provides an extensive array of components that are targeted at the common problems and tasks involved in developing modern web applications. It is the basis for a large number of...
Cisco IOx Application Framework Backlink Vulnerability
Cisco Iox is the U.S. Cisco Cisco a combination of Cisco IOS and Linux OS for secure network connectivity and the development of IOT applications for secure development environment. A backlink vulnerability exists in Cisco IOx Application Framework versions prior to 1.9.0, which arises from a...
CVE-2020-3238
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
Input validation
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
Design/Logic Flaw
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction...
CVE-2020-3238 Cisco IOx Application Framework Arbitrary File Creation Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
CVE-2020-3238 Cisco IOx Application Framework Arbitrary File Creation Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
CVE-2020-3237 Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction...
CVE-2020-3237 Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, local attacker to overwrite arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient path restriction...
CVE-2020-3237
The CVE-2020-3237 issue affects Cisco IOx Application Framework within the Cisco IOx application environment. It stems from insufficient path restriction enforcement, enabling an authenticated, local attacker to overwrite arbitrary files in the running virtual instance by including a crafted file...
CVE-2020-3233
CVE-2020-3233 describes a stored cross-site scripting (XSS) vulnerability in Cisco IOx Application Framework’s web-based Local Manager interface. An authenticated user with Local Manager credentials can inject malicious code via the System Settings tab due to insufficient input validation, leadin...
Cisco IOx Application Framework Arbitrary File Creation Vulnerability
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...