IBM Curam Social Program Management code issue vulnerability (CNVD-2022-54649)

IBM Curam Social Program Management is a business and technology solution from IBM that provides pre-built health and social program components, business processes, toolsets and interfaces on top of a dynamically configurable architecture. A code issue vulnerability exists in versions 8.0.0 and...

Gentics Software Gentics CMS 代码问题漏洞

Gentics Software Gentics CMS is a digital publishing and content management system from the Austrian company Gentics Software. A code issue vulnerability exists in Gentics CMS version 5.36.29, which can be exploited by an attacker to gain access to the RCE chain...

SAP PowerDesigner code issue vulnerability

SAP PowerDesigner, a database design software from SAP, is vulnerable to a code issue in SAP PowerDesigner Proxy version 16.7, which could be exploited by attackers to bypass system root disk access restrictions, write or create program files on the system disk root path, and elevate the privileg...

SAP NetWeaver Developer Studio code issue vulnerability

SAP NetWeaver Developer Studio is a Java part of the integrated development environment IDE of the German company SAP. SAP NetWeaver Developer Studio is vulnerable to a code issue that could be exploited by an attacker to cause a loss of confidentiality and integrity...

Samsung Internet code issue vulnerability

Samsung Internet is a mobile application from Samsung South Korea. Samsung Internet version 17.0.1.69 has a code issue vulnerability that can be exploited by attackers to spoof the address bar by executing a script...

NocoDB 代码问题漏洞

NocoDB is an open source Airtable replacement. Convert any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into a smart spreadsheet. A code issue vulnerability exists in NocoDB versions prior to 0.91.7+. An attacker could exploit this vulnerability to obtain sensitive information...

Envoy code issue vulnerability

Envoy is an open source distributed proxy server. versions prior to Envoy 1.22.1 have a code issue vulnerability that could be exploited by an attacker to crash Envoy via null pointer dereference on an upstream server controlled by the vulnerability...

Upgraded Q -> M from 124 [1654442937681]

Judge has assessed an item in Issue 124 as Medium risk. The relevant finding follows: C4-006 : The Contract Should Approve0 first Impact Some tokens like USDT L199 do not work when changing the allowance from an existing non-zero allowance value. They must first be approved by zero and then the...

Trend Micro Apex One 代码问题漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. Trend Micro Apex One suffers from a code issue vulnerability that stems from the presence of uncontrolled search path elements in the application. A local attacker could use this vulnerability to load a DLL on an affected...

JGraph draw.io 代码问题漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io prior to version 18.1.2 that originates from exposing sensitive information to an unauthorized Actor...

Google TensorFlow code issue vulnerability (CNVD-2022-44171)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 are vulnerable to a code issue stemming from tf.rawops. QuantizedConv2D does not fully validate input parameters. No detailed...

Google TensorFlow code issue vulnerability (CNVD-2022-44164)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to a code issue in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from tf.rawops. SparseTensorDenseAdd has incomplete validation for the input parameters. No detailed...

Mysiteforme 代码问题漏洞

Mysiteforme is a privilege management system. A security vulnerability exists in Mysiteforme version v2.2.1, which can be exploited by an attacker to spoof requests to the server side...

Chain Sea Ai Chatbot System code issue vulnerability

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, a Chinese company. or execute arbitrary code to take control of the system or terminate the service...

Connect-Multiparty 代码问题漏洞

Connect-Multiparty is a module. It is used for Connect-Multiparty middleware. A code issue vulnerability exists in Connect-Multiparty version 2.2.0, which stems from an arbitrary file upload issue in the File Upload module. An attacker can execute arbitrary code via a crafted PDF file...

WordPress plugin VikBooking Hotel Booking Engine & PMS 代码问题漏洞

WordPress is a suite of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. PHP is a scripting language that executes on the server side. WordPress VikBooking Hotel Booking Engine...

Siemens Teamcenter 代码问题漏洞

Siemens Teamcenter is a product lifecycle management computer software application from Siemens, Germany. Siemens Teamcenter contains a security vulnerability that could be exploited by attackers to view files on the application server file system...

F5 BIG-IP code issue vulnerability (CNVD-2022-79947)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP has a code issue vulnerability that can be exploited by attackers to cause a denial of service on the BIG-IP system...

F5 BIG-IP code issue vulnerability (CNVD-2022-74968)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to a code issue that could be exploited by an attacker to cause a denial of service on the BIG-IP...

Charm 代码问题漏洞

Charm is Charm's set of tools for quickly building CLI programs. A code issue vulnerability exists in Charm. An attacker could exploit this vulnerability to spoof HTTP requests to manipulate the Charm data directory to access or delete any file on the server...