156 matches found
Data Flow Sanitation Issue Fix
Impact Due to missing sanitation in data flow it was possible for admin users to upload arbitrary executable files to the server...
GHSA-XM9F-VXMX-4M58 Data Flow Sanitation Issue Fix
Impact Due to missing sanitation in data flow it was possible for admin users to upload arbitrary executable files to the server...
Remote Code Execution (RCE)
openmage/magento-lts is vulnerable to remote code execution. Lack of data flow sanitization allows admin users to upload malicious executable files to the server...
Design/Logic Flaw
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...
CVE-2021-32759 Data Flow Sanitation Issue Fix
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...
White Box Testing What Is, Types, Techniques, Example
White Box Testing is programming trying, or rather inner center and foundation. Get familiar with about this strategy in this article. What is White Box Testing? White Box Testing can be depicted as a program-testing methodology in which a product’s interior construction, plan and coding are trie...
CVE-2021-32754 Improper Restriction of XML External Entity Reference in de.tud.sse
FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity XXE vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based...
CVE-2021-32754
FlowDroid is a data flow analysis tool. CVE-2021-32754 describes an XML External Entity (XXE) vulnerability in FlowDroid versions prior to 2.9.0, where an attacker who can control the XML-based source/sink definition file could read files from external locations. The vulnerability requires use of...
The Vulnerabilities of the Past Are the Vulnerabilities of the Future
Major software vulnerabilities are a fact of life, as illustrated by the fact that Microsoft has patched between 55 and 110 vulnerabilities each month this year – with 7% to 17% of those vulnerabilities being critical. May had the fewest vulnerabilities, with a total of 55 and only four considere...
Nagios Network Analyzer Self-XSS Vulnerability
Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A Self-XSS vulnerability exists in Nagios Network Analyzer versions prior to 2.4.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via...
Threatspec - Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source...
CVE-2020-5427
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
CVE-2020-5427
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
Sql injection
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
CVE-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
CVE-2020-5427
Spring Cloud Data Flow is affected by CVE-2020-5427 in versions 2.6.x prior to 2.6.5 and 2.5.x prior to 2.5.4, where the task execution sorting query is vulnerable to SQL injection. The issue stems from the vulnerable SQL path when requesting task execution. Remediation is to upgrade to version 2...
PT-2021-12401 · Spring · Spring Cloud Data Flow
Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow versions 2.5.x prior to 2.5.4 Spring Cloud Data Flow versions 2.6.x prior to 2.6.5 Description: The application is vulnerable to SQL injection when requesting task execution. Recommendations: For versions 2.5.x prior to...
Vmware Spring Cloud Data Flow SQL Injection Vulnerability
Vmware Spring Cloud Data Flow is a code library for streaming and batch data processing in microservices from Vmware, Inc. A SQL injection vulnerability exists in Spring Cloud Data Flow versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, which stems from the vulnerability of the...
The vulnerability of Intel SSD microprogramming software, related to insufficient flow management, allows a hacker to gain unauthorized access to protected information.
The vulnerability of Intel SSD microprogramming software is related to insufficient control of the flow of data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of Intel Data Center SSD microprogramming software, related to data flow management errors, allows a hacker to gain unauthorized access to protected information.
The vulnerability of Intel Data Center SSDs’ microprogrammed software is related to errors in data flow management. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...