25 matches found
GHSA-6GXQ-F64P-5W6F ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process...
EUVD-2020-4909
Malware in sbrugna...
EUVD-2022-37612
Malicious code in bioql PyPI...
CVE-2023-26440
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...
CVE-2022-34660
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.15, Teamcenter V13.0 All versions V13.0.0.10, Teamcenter V13.1 All versions V13.1.0.10, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.5, Teamcenter V14.0 All versions V14.0.0.2. File Serv...
CVE-2023-26440
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...
CVE-2023-26441
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the...
CVE-2023-26439
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have...
CVE-2023-26439
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have...
Open-Xchange AppSuite SQL Injection Vulnerability
Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-Xchange AppSuite that stems from a SQL injection vulnerability in the Cacheservice...
Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 (KB5002390)
Description of the security update for SharePoint Server Subscription Edition: May 9, 2023 KB5002390 Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability, Microsoft SharePoint Server information disclosure vulnerability, and Microsoft SharePoint Server remote...
CVE-2022-34660
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.15, Teamcenter V13.0 All versions V13.0.0.10, Teamcenter V13.1 All versions V13.1.0.10, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.5, Teamcenter V14.0 All versions V14.0.0.2. File Serv...
PT-2022-4150 · Siemens · Teamcenter
Name of the Vulnerable Software and Affected Versions: Teamcenter versions prior to V12.4.0.15 Teamcenter versions prior to V13.0.0.10 Teamcenter versions prior to V13.1.0.10 Teamcenter versions prior to V13.2.0.9 Teamcenter versions prior to V13.3.0.5 Teamcenter versions prior to V14.0.0.2...
SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
Title: SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG Date: 2020-05-06 Vendor: https://www.solarwindsmsp.com/ CVE: CVE-2020-12608 GitHub: https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608 CVSSv3:...
CVE-2020-12608
An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...
CVE-2020-12608
An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...
Design/Logic Flaw
An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...
CVE-2020-12608
An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...
CVE-2020-12608
Summary (concrete details known): The vulnerability CVE-2020-12608 affects SolarWinds MSP PME (Patch Management Engine) Cache Service in the Advanced Monitoring Agent, with versions before 1.1.15. The root cause is insecure file permissions on the config directory under %PROGRAMDATA%\SolarWinds M...
SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution
Title: SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG GitHub: https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608 CVSSv3: 8.2 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE:...