Lucene search
K

398 matches found

Positive Technologies
Positive Technologies
added 2023/01/16 12:0 a.m.5 views

PT-2023-10233 · Unknown · Githuis P2Manage

Name of the Vulnerable Software and Affected Versions: githuis P2Manage affected versions not specified Description: A critical vulnerability was found in githuis P2Manage, affecting the function Execute of the file PTwoManage/Database.cs. The manipulation of the sql argument leads to sql...

9.8CVSS6.1AI score0.00672EPSS
Exploits0References7
OSV
OSV
added 2022/11/15 7:0 p.m.2 views

GHSA-463W-HXFV-G9F6 Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user

Apache Archiva prior to 2.2.9 may allow the anonymous user to read arbitrary files. If anonymous read enabled, it's possible to read the database file directly without logging in...

7.5CVSS6AI score0.01192EPSS
Exploits0References5
NVD
NVD
added 2022/11/15 1:15 p.m.27 views

CVE-2022-40308

If anonymous read enabled, it's possible to read the database file directly without logging in...

7.5CVSS0.01192EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 8:3 a.m.35 views

Security Bulletin: A vulneraqbility in SQLite affects IBM Cloud Application Performance Managment R esponse Time Monitoring RRT Agent (CVE-2021-45346)

Summary A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain...

4.3CVSS4.6AI score0.01614EPSS
Exploits1Affected Software1
Prion
Prion
added 2022/08/10 8:16 p.m.14 views

Design/Logic Flaw

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

7.5CVSS9.4AI score0.53389EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.4 views

Keysight Technologies Sensor Management Server SQL注入漏洞

Keysight Technologies Sensor Management Server is a sensor management server from Keysight Technologies, USA. A security vulnerability exists in Keysight Technologies Sensor Management Server SMS that originates from the ability of an unauthenticated, remote attacker to effectively take control o...

9.8CVSS8.2AI score0.53389EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/06/29 12:0 a.m.32 views

ABB REX640 Incorrect Permission Assignment for Critical Resource (CVE-2022-1596)

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. - Incorrect Permission Assignment for Critical...

6.5CVSS6.5AI score0.00617EPSS
Exploits0References2
Prion
Prion
added 2022/06/21 3:15 p.m.22 views

Code injection

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node...

4CVSS6.5AI score0.00617EPSS
Exploits0References1Affected Software3
OSV
OSV
added 2022/05/07 12:0 a.m.9 views

UBUNTU-CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...

7.8CVSS7.4AI score0.00499EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/04/05 6:15 p.m.2 views

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php...

8.8CVSS7.3AI score0.00942EPSS
Exploits1References2
OSV
OSV
added 2022/03/01 11:15 p.m.4 views

CVE-2021-41652

Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database...

7.5CVSS7.1AI score0.01053EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/24 1:11 p.m.26 views

B2 Command Line Tool TOCTOU application key disclosure

Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...

4.7CVSS0.7AI score0.0021EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/24 12:8 p.m.89 views

GHSA-P867-FXFR-PH2W b2-sdk-python TOCTOU application key disclosure

Impact Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. SDK users of the SqliteAccountInfo format are vulnerable while users...

5.7CVSS4.3AI score0.00217EPSS
Exploits0References6
Veracode
Veracode
added 2022/02/24 7:35 a.m.17 views

Time-of-check-time-of-use (TOCTOU)

b2sdk is vulnerable to time-of-check-time-of-use TOCTOU. A local attacker is able to read the contents of the local database file where API keys are saved when using SqliteAccountInfo, resulting in sensitive information disclosure via race condition...

4.7CVSS2.4AI score0.00217EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/02/23 11:15 p.m.13 views

CVE-2022-23653

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

4.7CVSS0.0021EPSS
Exploits0References2
OSV
OSV
added 2022/02/23 10:50 p.m.30 views

CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure

b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...

4.7CVSS4.2AI score0.00217EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/02/15 5:47 p.m.53 views

CVE-2021-45346

A memory leak flaw was found in the SQLite Project via maliciously crafted SQL Queries made via editing the Database File. This flaw allows a malicious user to obtain sensitive information due to a possible query to a record and leaking subsequent bytes of memory that extend beyond the record...

4.3CVSS2.7AI score0.01614EPSS
Exploits1References4
NVD
NVD
added 2022/02/14 7:15 p.m.24 views

CVE-2021-45346

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...

4.3CVSS0.01614EPSS
Exploits1References5
OSV
OSV
added 2022/02/14 7:15 p.m.9 views

CVE-2021-45346

A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain...

4.3CVSS6.8AI score
Exploits0References5
Prion
Prion
added 2022/02/14 7:15 p.m.29 views

Memory corruption

DISPUTED A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries made via editing the Database File, it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user...

4CVSS4.8AI score0.01614EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder