Lucene search
+L

184 matches found

OSV
OSV
added 2023/02/04 9:15 p.m.11 views

CVE-2022-45786

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

8.1CVSS5.8AI score0.00948EPSS
Exploits0References1
NVD
NVD
added 2023/02/04 9:15 p.m.36 views

CVE-2022-45786

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

8.1CVSS8.4AI score0.00948EPSS
Exploits0References1
Prion
Prion
added 2023/02/04 9:15 p.m.16 views

Sql injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

5.1CVSS8.3AI score0.00948EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/02/04 8:40 p.m.45 views

CVE-2022-45786 Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

8.6AI score0.00948EPSS
Exploits0References1
CVE
CVE
added 2023/02/04 8:40 p.m.85 views

CVE-2022-45786

CVE-2022-45786 documents a SQL injection in Apache AGE when using the Golang and Python drivers with PostgreSQL 11/12 (up to AGE 1.1.0). Root cause: the cypher() placeholder could not be parameterized, and driver parameterization was insufficient, enabling injections. Mitigation: upgrade the Gola...

8.1CVSS8.3AI score0.00948EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/14 1:15 a.m.19 views

Path traversal

APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...

4CVSS6.5AI score0.00658EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/01/14 12:29 a.m.45 views

CVE-2022-23532 neo4j-apoc-procedures is vulnerable to path traversal

APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...

7.1CVSS7.1AI score0.00658EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/14 12:0 a.m.9 views

Neo4j 路径遍历漏洞

Neo4j is a Java-based and fully ACID-compatible graphical database from Neo4j, Inc. that supports data migration, add-ons, and more. A path traversal vulnerability exists in Neo4j APOC Awesome Procedures on Cypher. An attacker can exploit this vulnerability to access files and directories stored...

7.1CVSS6.5AI score0.00658EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/01/13 9:28 p.m.33 views

org.neo4j.procedure:apoc Path Traversal Vulnerability

Impact A Path Traversal Vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the...

7.1CVSS3.3AI score0.00658EPSS
Exploits0References4Affected Software1
ICS
ICS
added 2023/01/05 12:0 a.m.37 views

Hitachi Energy UNEM

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: UNEM Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION Successful...

9.8CVSS7.4AI score0.00569EPSS
Exploits0References3
Kitploit
Kitploit
added 2022/03/13 8:30 p.m.24 views

GoodHound - Uses Sharphound, Bloodhound And Neo4j To Produce An Actionable List Of Attack Paths For Targeted Remediation

Attackers think in graphs, defenders think in actions, management think in charts. GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. Usage Quick Start For a very quick start with mo...

7AI score
Exploits0References5
NVD
NVD
added 2021/09/23 3:15 a.m.28 views

CVE-2021-34712

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

6.5CVSS0.0074EPSS
Exploits0References1
OSV
OSV
added 2021/09/23 3:15 a.m.3 views

CVE-2021-34712

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

6.5CVSS5.8AI score0.0074EPSS
Exploits0References1
Prion
Prion
added 2021/09/23 3:15 a.m.21 views

Input validation

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

4CVSS6.5AI score0.0074EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2021/09/23 2:26 a.m.16 views

CVE-2021-34712 Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

5.4CVSS6.9AI score0.0074EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/23 2:26 a.m.28 views

CVE-2021-34712 Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

5.4CVSS6.7AI score0.0074EPSS
Exploits0References1
CVE
CVE
added 2021/09/23 2:26 a.m.62 views

CVE-2021-34712

CVE-2021-34712 affects Cisco SD-WAN vManage Software. Vulnerable component: the web-based management interface. Root cause: insufficient input validation allows authenticated, remote attackers to perform cypher query language injection via crafted HTTP requests, potentially exposing sensitive inf...

6.5CVSS6AI score0.0074EPSS
Exploits0References1Affected Software2
Cisco
Cisco
added 2021/09/22 4:0 p.m.28 views

Cisco SD-WAN vManage Software Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

5.4CVSS6AI score0.0074EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/09/22 12:0 a.m.3 views

PT-2021-5326 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue exists due to insufficient input validation by the web-based management interface of Cisco SD-WAN vManage Software. An attacker could exploit this by sending...

6.5CVSS6.3AI score0.0074EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/09/22 12:0 a.m.25 views

Cisco SD-WAN vManage Software Cypher Query Language Injection (cisco-sa-sd-wan-jOsuRJCc)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an...

6.5CVSS6.7AI score0.0074EPSS
Exploits0References3
Rows per page
Query Builder