64 matches found
CVE-2025-20262
A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denia...
CVE-2025-20262 Cisco Nexus 3000 and 9000 Series Switches Protocol Independent Multicast Version 6 Denial of Service Vulnerability
A vulnerability in the Protocol Independent Multicast Version 6 PIM6 feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denia...
CVE-2025-20262
CVE-2025-20262 affects Cisco Nexus 3000/9000 NX-OS standalone in PIM6. The issue arises from improper processing of PIM6 ephemeral data queries, allowing an authenticated, low-privileged remote attacker to crash the PIM6 process and cause DoS via adjacency flaps and DoS of PIM6/ephemeral query pr...
Linux Distros Unpatched Vulnerability : CVE-2023-39513
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability...
[SECURITY] Fedora 41 Update: salt-3007.4-4.fc41
Salt is a distributed remote execution system used to execute commands and query data. It was developed in order to bring the best solutions found in the world of remote execution together and make them better, faster and more malleable. Salt accomplishes this via its ability to handle larger loa...
Security Bulletin: IBM Storage Fusion is affected by exposure of information through cross-site scripting or data queries (CVE-2023-45288, CVE-2023-3978)
Summary IBM Storage Fusion Data Foundation uses HTTP to communicate. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-45288, CVE-2023-3978. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/...
CVE-2025-6083
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...
CVE-2025-6083 ExtremeCloud Universal ZTNA Improper Authorization
In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the ownerid filter. This issue may allow users to search data across the entire table instead of being restricted to their specific ownerid...
CVE-2025-36575
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
CVE-2025-29981
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure...
Excessive Data Query Operations in a Large Data Table
Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Excessive Data Query Operations in a Large Data Table through the tracking and simultaneous querying of a large number of Text objects via the web API. An attacker ca...
Aim Excessive Data Query Operations in a Large Data Table vulnerability
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
The vulnerability of the WhoDB database management system lies in the insufficient neutralization of special elements in data queries, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the WhoDB database management system is related to the insufficient neutralization of special elements in data queries. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal RESTful Web Services versions 7.X-2.0 through 7.X-2.10, which stems from the inclusion of an Exposure of Sensitive Information via Data Queries...
CVE-2024-6400
Cleartext Storage of Sensitive Information, Exposure of Sensitive Information Through Data Queries vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data, Authentication Bypass, IMAP/SMTP Command Injection, Collect Data from Common Resource Locations. This issue solved in...
The vulnerability of the form_save() function (data_queries.php) in the Cacti network monitoring software allows a hacker to execute cross-site scripting attacks.
The vulnerability of the formsave function in the Cacti monitoring software’s dataqueries.php file is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...
UBUNTU-CVE-2024-4076
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
SUSE CVE-2024-31443
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...
CVE-2024-31443
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...
UBUNTU-CVE-2024-31443
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...