Lucene search
K

92 matches found

CNNVD
CNNVD
added 2023/05/26 12:0 a.m.6 views

CKAN 安全漏洞

CKAN is an open source Dms data management system. It is used to power data centers and data portals. A security vulnerability exists in CKAN versions prior to 2.9.9, and prior to 2.10.1, which stems from DOS due to a lack of length checking for resource ids...

9.8CVSS8.3AI score0.01684EPSS
Exploits0References3
NVD
NVD
added 2023/02/03 10:15 p.m.31 views

CVE-2023-22746

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

8.6CVSS8.7AI score0.00693EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/02/03 9:7 p.m.32 views

CVE-2023-22746 CKAN is vulnerable to session secret shared across instances using Docker images

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

8.6CVSS8.9AI score0.00693EPSS
Exploits0References3
CVE
CVE
added 2023/02/03 9:7 p.m.59 views

CVE-2023-22746

CVE-2023-22746 affects CKAN Docker-based deployments where a default, shared secret key is used across multiple instances unless overridden in the container’s .env. The vulnerability allows forging authentication requests between CKAN instances when the default secret key is not customized. Affec...

8.6CVSS7.9AI score0.00693EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/11/22 12:0 a.m.6 views

CKAN 授权问题漏洞

CKAN is an open source Dms data management system. It is used to power data centers and data portals. A security vulnerability exists in CKAN version 2.9.6, which stems from an unauthenticated user taking over via a CKAN account when an existing user ID is sent via an HTTP POST request, which can...

8.8CVSS7.8AI score0.00679EPSS
Exploits0References3
CNVD
CNVD
added 2021/07/09 12:0 a.m.7 views

QSAN XEVO Command Injection Vulnerability

QSAN XEVO is a flash data management system from QSAN China. Reduces repetitive tasks and provides complete data analysis. A command injection vulnerability exists in QSAN XEVO that stems from the product's INIT function not filtering special elements of user input data. An attacker could use thi...

9.8CVSS8AI score0.02058EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/27 12:0 a.m.4 views

Arbitrary File Read Vulnerability in Doco Document Management System (CNVD-2021-27651)

DuoKe document management system is for the enterprise to provide a safe, easy to use B / S architecture integrated system, through the system to complete the integration of enterprise document storage, sub-group folder display, full-text search of document content, document preview, download and...

7AI score
Exploits0
CVE
CVE
added 2020/09/25 12:58 p.m.41 views

CVE-2020-13995

CVE-2020-13995 affects the U.S. Air Force Sensor Data Management System extract75. The issue is a buffer overflow in a global variable (sBuffer) that can lead to a Write-What-Where condition. Writing beyond sBuffer can clobber global variables until reaching pointers like DES_info or image_info; ...

9.8CVSS9.9AI score0.02714EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/26 12:0 a.m.7 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to access confidential information.

The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

6.1CVSS6.3AI score0.01498EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/03/10 12:0 a.m.2 views

Vulnerability of the Data Management System of National Secondary Vocational Schools' Talent Cultivation Work Status due to Arbitrary Password Reset in the Backstage

Xinpengcheng is a high-tech enterprise specializing in vocational education informatization business. There is an arbitrary password reset vulnerability in the background of the National Secondary Vocational School Talent Cultivation Work Status Data Management System. An attacker can utilize thi...

7.1AI score
Exploits0
CNVD
CNVD
added 2018/10/19 12:0 a.m.3 views

HPE UIoT Unauthorized Access Vulnerability Vulnerability

HPE UIoT is a suite of universal IoT platforms from Hewlett Packard Enterprise HPE, USA. The platform features data analytics, monetary safety and synchronization management. A security vulnerability exists in the DSM portal and DSM APIs in HPE UIoT. A remote attacker could exploit the...

5.3CVSS7.2AI score0.05275EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2010/11/01 12:0 a.m.22 views

Sybase Advantage Data Architect - '.SQL' Format Heap Overflow

Exploit Title: Sybase Advantage Data Architect ".SQL" Format Heap Oveflow RCE Date: 2010-10-16 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility Version: 10.0 Tested on: Windows ...

7.4AI score
Exploits0
Rows per page
Query Builder