14 matches found
CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices
A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...
EUVD-2025-38250
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection.This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...
CVE-2025-4993
Untrusted Pointer Dereference vulnerability in RTI Connext Professional Core Libraries allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0., from 5.3.0 before 5.3., from 4.4a...
CVE-2017-11197
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option...
PT-2025-6175 · Wattsense · Wattsense Bridge
Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.1.0 Description: An authenticated attacker can use the Plugin Manager of the web interface to upload malicious Python files, enabling remote root access to the device. The attacker needs a valid user accou...
PT-2023-4067 · Apache · Apache Airflow Hive Provider
Name of the Vulnerable Software and Affected Versions: Apache Airflow Apache Hive Provider versions prior to 6.1.2 Description: The issue is related to improper input validation, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected...
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
...
SUSE CVE-2014-1290
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293...
UBUNTU-CVE-2023-21885
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2021-2123
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
Siemens XHQ SQL注入漏洞
Siemens XHQ is a software platform that aggregates plant or pipeline operational data, processes it in a goal-oriented manner, and then makes decisions in real time to effectively improve plant or pipeline operational performance. A SQL injection vulnerability exists in Siemens XHQ versions prior...
IBM Tivoli Storage Manager FastBack Arbitrary Command Execution Vulnerability (CNVD-2015-04167)
IBM Tivoli Storage Manager FastBack is a suite of software that provides continuous data protection and recovery management capabilities for Microsoft Windows and Linux servers. An arbitrary command execution vulnerability in IBM Tivoli Storage Manager FastBack version 6.1 prior to 6.1.12 allows...
UBUNTU-CVE-2013-0948
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1...
CVE-2010-1971
Cross-site request forgery CSRF vulnerability in HP Insight Software Installer for Windows before 6.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, a different vulnerability than CVE-2010-1968...