Lucene search
K

156 matches found

Github Security Blog
Github Security Blog
added 2021/08/30 5:20 p.m.50 views

Data Flow Sanitation Issue Fix

Impact Due to missing sanitation in data flow it was possible for admin users to upload arbitrary executable files to the server...

7.2CVSS5.8AI score0.01311EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/08/30 5:20 p.m.36 views

GHSA-XM9F-VXMX-4M58 Data Flow Sanitation Issue Fix

Impact Due to missing sanitation in data flow it was possible for admin users to upload arbitrary executable files to the server...

7.2CVSS6.9AI score0.01311EPSS
Exploits0References5
Veracode
Veracode
added 2021/08/30 5:36 a.m.17 views

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution. Lack of data flow sanitization allows admin users to upload malicious executable files to the server...

7.2CVSS5.9AI score0.01311EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/08/27 10:15 p.m.16 views

Design/Logic Flaw

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

6.5CVSS6.9AI score0.01311EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/08/27 10:0 p.m.39 views

CVE-2021-32759 Data Flow Sanitation Issue Fix

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

7.2CVSS7.2AI score0.01311EPSS
Exploits0References3
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2021/07/25 4:17 p.m.190 views

White Box Testing What Is, Types, Techniques, Example

White Box Testing is programming trying, or rather inner center and foundation. Get familiar with about this strategy in this article. What is White Box Testing? White Box Testing can be depicted as a program-testing methodology in which a product’s interior construction, plan and coding are trie...

7AI score
Exploits0
Cvelist
Cvelist
added 2021/07/12 11:0 p.m.18 views

CVE-2021-32754 Improper Restriction of XML External Entity Reference in de.tud.sse

FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity XXE vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based...

5.3CVSS5.4AI score0.00643EPSS
Exploits0References1
CVE
CVE
added 2021/07/12 11:0 p.m.60 views

CVE-2021-32754

FlowDroid is a data flow analysis tool. CVE-2021-32754 describes an XML External Entity (XXE) vulnerability in FlowDroid versions prior to 2.9.0, where an attacker who can control the XML-based source/sink definition file could read files from external locations. The vulnerability requires use of...

5.3CVSS5.1AI score0.00643EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2021/06/03 2:19 p.m.49 views

The Vulnerabilities of the Past Are the Vulnerabilities of the Future

Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considere...

1.2AI score
Exploits0
CNVD
CNVD
added 2021/04/09 12:0 a.m.8 views

Nagios Network Analyzer Self-XSS Vulnerability

Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A Self-XSS vulnerability exists in Nagios Network Analyzer versions prior to 2.4.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via...

6.1CVSS6AI score0.09246EPSS
Exploits1References1
Kitploit
Kitploit
added 2021/03/03 11:30 a.m.193 views

Threatspec - Continuous Threat Modeling, Through Code

Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...

8AI score
Exploits0References3
OSV
OSV
added 2021/01/27 6:15 p.m.21 views

CVE-2020-5427

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...

7.2CVSS7.9AI score0.0106EPSS
Exploits0References1
NVD
NVD
added 2021/01/27 6:15 p.m.19 views

CVE-2020-5427

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...

7.2CVSS6.6AI score0.0106EPSS
Exploits0References1
Prion
Prion
added 2021/01/27 6:15 p.m.13 views

Sql injection

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...

6.5CVSS7.3AI score0.0106EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/01/27 5:30 p.m.22 views

CVE-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...

5.7CVSS7.4AI score0.0106EPSS
Exploits0References1
CVE
CVE
added 2021/01/27 5:30 p.m.51 views

CVE-2020-5427

Spring Cloud Data Flow is affected by CVE-2020-5427 in versions 2.6.x prior to 2.6.5 and 2.5.x prior to 2.5.4, where the task execution sorting query is vulnerable to SQL injection. The issue stems from the vulnerable SQL path when requesting task execution. Remediation is to upgrade to version 2...

7.2CVSS6.7AI score0.0106EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/01/27 12:0 a.m.6 views

PT-2021-12401 · Spring · Spring Cloud Data Flow

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow versions 2.5.x prior to 2.5.4 Spring Cloud Data Flow versions 2.6.x prior to 2.6.5 Description: The application is vulnerable to SQL injection when requesting task execution. Recommendations: For versions 2.5.x prior to...

7.2CVSS6.3AI score0.0106EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/01/27 12:0 a.m.6 views

Vmware Spring Cloud Data Flow SQL Injection Vulnerability

Vmware Spring Cloud Data Flow is a code library for streaming and batch data processing in microservices from Vmware, Inc. A SQL injection vulnerability exists in Spring Cloud Data Flow versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, which stems from the vulnerability of the...

7.2CVSS6.6AI score0.0106EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/11/18 12:0 a.m.5 views

The vulnerability of Intel SSD microprogramming software, related to insufficient flow management, allows a hacker to gain unauthorized access to protected information.

The vulnerability of Intel SSD microprogramming software is related to insufficient control of the flow of data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

6.8CVSS5.5AI score0.00352EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.7 views

The vulnerability of Intel Data Center SSD microprogramming software, related to data flow management errors, allows a hacker to gain unauthorized access to protected information.

The vulnerability of Intel Data Center SSDs’ microprogrammed software is related to errors in data flow management. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

7.9CVSS5.4AI score0.00331EPSS
Exploits0References3
Rows per page
Query Builder