23 matches found

NVD
added 2026/03/11 4:16 p.m. · 1 view

CVE-2026-30234

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · EPSS 0.00052
Exploits: 0 · References: 1
Cvelist
added 2026/03/11 3:59 p.m. · 23 views

CVE-2026-30234 OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR)

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · EPSS 0.00052
Exploits: 0 · References: 1
Vulnrichment
added 2026/03/11 3:59 p.m. · 0 views

CVE-2026-30234 OpenProject BIM BCF XML Import: <Snapshot> Path Traversal Leads to Arbitrary Local File Read (AFR)

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052
Exploits: 0 · References: 1
EUVD
added 2026/03/11 3:59 p.m. · 1 view

EUVD-2026-11202

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052
Exploits: 0 · References: 1
Positive Technologies
added 2026/03/11 12:0 a.m. · 2 views

PT-2026-24719

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the value in markup.bcf is manipulated to contain an absolute or traversal local path for example: /etc/passwd...

CVSS 6.5 · AI score 5.8 · EPSS 0.00052
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/23 6:5 a.m. · 4 views

CVE-2023-30638

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands...

CVSS 7.2 · AI score 6.8 · EPSS 0.00816
Exploits: 0 · References: 1
Positive Technologies
added 2024/03/23 12:0 a.m. · 3 views

PT-2024-40673 · Git +1 · Htslib

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, as reported by OSS-Fuzz. The crash occurs in the following functions: vcf parse format,...

AI score 6.9
Exploits: 0 · References: 2
NVD
added 2023/12/05 8:15 a.m. · 14 views

CVE-2023-6269

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" SBC and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticat...

CVSS 10 · EPSS 0.00459
Exploits: 2 · References: 4
Cvelist
added 2023/12/05 7:35 a.m. · 13 views

CVE-2023-6269 Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" SBC and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticat...

CVSS 10 · AI score 10 · EPSS 0.00459
Exploits: 2 · References: 4
CVE
added 2023/12/05 7:35 a.m. · 41 views

CVE-2023-6269

CVE-2023-6269 describes an argument injection vulnerability in Atos Unify OpenScape SBC, Branch, and BCF. Affected products and versions: OpenScape Session Border Controller (SBC) and OpenScape Branch prior to V10 R3.4.0; OpenScape BCF prior to V10R10.12.00 and V10R11.05.02. Root cause: improper ...

CVSS 10 · AI score 10 · EPSS 0.00459
Exploits: 2 · References: 4 · Affected Software: 3
0day.today
added 2023/09/18 12:0 a.m. · 378 views

Atos Unify OpenScape Code Execution / Missing Authentication Vulnerabilities

Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, and Atos Unify OpenScape BCF suffer from remote code execution and missing authentication vulnerabilities. Atos OpenScape SBC versions before 10 R3.3.0, Branch version 10 versions before R3.3.0, and BCF version 10 versio...

CVSS 9.8 · AI score 9.9 · EPSS 0.00884
Exploits: 4
OSV
added 2023/04/14 12:15 a.m. · 1 view

CVE-2023-30638

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 2
NVD
added 2023/04/14 12:15 a.m. · 9 views

CVE-2023-30638

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands...

CVSS 7.2 · AI score 6.8 · EPSS 0.00816
Exploits: 0 · References: 2
Prion
added 2023/04/14 12:15 a.m. · 18 views

Command injection

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands...

CVSS 5.8 · AI score 6.7 · EPSS 0.00816
Exploits: 0 · References: 2 · Affected Software: 3
Cvelist
added 2023/04/13 12:0 a.m. · 13 views

CVE-2023-30638

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands...

CVSS 7.2 · AI score 7 · EPSS 0.00816
Exploits: 0 · References: 2
CNNVD
added 2023/04/13 12:0 a.m. · 1 view

Atos Unify OpenScape SBC command injection vulnerability

Atos Unify OpenScape SBC is a datacenter-ready virtualization security application from Atos France. It is used to securely extend your applications beyond the network perimeter. A security vulnerability exists in Atos Unify OpenScape SBC 10 versions prior to 10R3.1.3, OpenScape Branch 10 version...

CVSS 7.2 · AI score 7.1 · EPSS 0.00816
Exploits: 0 · References: 4
Positive Technologies
added 2023/04/13 12:0 a.m. · 2 views

PT-2023-22831 · Atos · Atos Unify Openscape Bcf 10 +1

Name of the Vulnerable Software and Affected Versions: Atos Unify OpenScape SBC 10 versions prior to 10R3.1.3 Atos Unify OpenScape Branch 10 versions prior to 10R3.1.2 Atos Unify OpenScape BCF 10 versions prior to 10R10.7.0 Description: The issue allows remote authenticated admins to inject...

CVSS 7.2 · AI score 6.8 · EPSS 0.00816
Exploits: 0 · References: 4
CVE
added 2023/04/13 12:0 a.m. · 39 views

CVE-2023-30638

CVE-2023-30638 affects Atos Unify OpenScape SBC 10 versions prior to 10R3.1.3, OpenScape Branch 10 versions prior to 10R3.1.2, and OpenScape BCF 10 versions prior to 10R10.7.0. The vulnerability allows remote authenticated admins to inject commands. Public exploitation details are not present in ...

CVSS 7.2 · AI score 6.7 · EPSS 0.00816
Exploits: 0 · References: 2 · Affected Software: 3
ATTACKERKB
added 2022/07/25 6:15 a.m. · 0 views

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker with network access to the admi...

CVSS 9.8 · AI score 9.3 · EPSS 0.02294
Exploits: 0 · References: 2
OSV
added 2022/07/25 6:15 a.m. · 2 views

CVE-2022-36444

An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10R2.2.1, Atos Unify OpenScape Branch 9 and 10 before version 10R2.1.1, and Atos Unify OpenScape BCF 10 before 10R9.12.1. A remote code execution vulnerability may allow an unauthenticated attacker with network access to the admi...

CVSS 9.8 · AI score 6.3 · EPSS 0.02294
Exploits: 0 · References: 1