66 matches found

Prion
added 2023/05/15 11:15 a.m., 16 views

Improper access control

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface...

CVSS 5, AI score 7.6, EPSS 0.00409
Exploits 0, References 3, Affected Software 7

CVE
added 2023/05/15 10:51 a.m., 47 views

CVE-2023-23445

CVE-2023-23445 affects SICK FTMg AIR FLOW SENSOR (partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526). The root cause is Improper Access Control allowing an unprivileged remote attacker to access data fields via the REST interface. The CVE has a high impact on confidentiali...

CVSS 7.5, AI score 7.1, EPSS 0.00409
Exploits 0, References 3, Affected Software 1

Cvelist
added 2023/05/15 10:51 a.m., 14 views

CVE-2023-23445

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unprivileged account via the REST interface...

CVSS 7.5, AI score 7.8, EPSS 0.00409
Exploits 0, References 3

BDU FSTEC
added 2023/05/04 12:00 a.m., 1 view

The vulnerability of the WSGI Werkzeug web application library relates to the distribution of resources without any restrictions or regulations, allowing a hacker to cause a service failure.

The vulnerability of the WSGI Werkzeug web application lies in the fact that the application does not properly control the consumption of internal resources when processing data with a complex structure containing a large number of fields. Exploiting this vulnerability can allow an attacker to...

CVSS 6.7, AI score 7.2, EPSS 0.00366
Exploits 0, References 11, Affected Software 7

CNNVD
added 2023/04/04 12:00 a.m., 2 views

Acuant AcuFill SDK Security Vulnerability

Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in Acuant AcuFill SDK. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the...

CVSS 8.4, AI score 7.3, EPSS 0.00048
Exploits 0, References 3

SUSE CVE
added 2023/02/15 3:40 a.m., 1 view

SUSE CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5.3, AI score 5.3, EPSS 0.00614
Exploits 0, References 3

NVD
added 2022/11/15 9:15 p.m., 9 views

CVE-2022-20905

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVSS 4.8, EPSS 0.00155
Exploits 0, References 1

OSV
added 2022/08/26 1:15 p.m., 4 views

CVE-2022-37150

An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname, gender, email, contact parameters...

CVSS 5.4, AI score 5.8, EPSS 0.00224
Exploits 1, References 2

Github Security Blog
added 2022/01/06 11:53 p.m., 23 views

Uncapped length of skin data fields submitted by players

Impact: Some skin data fields (e.g. skinID, geometryName) are not capped in length. These fields are typically saved in the NBT data of a player when the player quits the server, or during an autosave. This is problematic due to the 32767 byte limit on TAGStrings. If any of these fields exceeds 3276...

AI score 2
Exploits 0, References 4, Affected Software 1

BDU FSTEC
added 2021/12/13 12:00 a.m., 1 view

The vulnerability of Zoom’s video conferencing software, related to the disclosure of information in erroneous data fields, allows attackers to disclose protected information.

The vulnerability of Zoom video conferencing software is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

CVSS 7.8, AI score 6.9, EPSS 0.00267
Exploits 0, References 2, Affected Software 22

CNVD
added 2021/07/06 12:00 a.m., 6 views

MediaWiki suffers from an unspecified vulnerability (CNVD-2021-48984)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.36, which stems from a privileged user with Rewards...

CVSS 4.8, AI score 6.6, EPSS 0.00206
Exploits 1, References 1

NVD
added 2021/07/02 1:15 p.m., 6 views

CVE-2021-36130

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...

CVSS 4.8, EPSS 0.00206
Exploits 1, References 2

OSV
added 2021/07/02 1:15 p.m., 10 views

CVE-2021-36130

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...

CVSS 4.8, AI score 5.8
Exploits 0, References 2

NVD
added 2021/07/02 1:15 p.m., 12 views

CVE-2021-36131

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...

CVSS 4.8, EPSS 0.00192
Exploits 0, References 2

Cvelist
added 2021/07/02 1:00 p.m., 15 views

CVE-2021-36130

An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate acros...

AI score 5, EPSS 0.00206
Exploits 1, References 2

Cvelist
added 2021/07/02 1:00 p.m., 15 views

CVE-2021-36131

An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users...

AI score 5, EPSS 0.00192
Exploits 0, References 2

CNVD
added 2021/06/29 12:00 a.m., 5 views

Roehling PostSRSd Denial of Service Vulnerability

Roehling Postsrsd is a C-based program by Roehling's personal developer that provides reverse SRS functionality for mail servers. PostSRSd suffers from a denial of service vulnerability that stems from a problem caused by Postfix sending certain long data fields, such as email addresses for...

CVSS 5.3, AI score 6.6, EPSS 0.00614
Exploits 0, References 1

OSV
added 2021/06/28 6:15 p.m., 1 view

DEBIAN-CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5.3, AI score 6.8, EPSS 0.00614
Exploits 0, References 1

NVD
added 2021/06/28 6:15 p.m., 11 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5.3, EPSS 0.00614
Exploits 0, References 4

OSV
added 2021/06/28 6:15 p.m., 16 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

CVSS 5.3, AI score 6.7
Exploits 0, References 4