CVE-2023-22947
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...
CVE-2023-0013
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an...
CVE-2023-0013 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an...
PT-2023-1179 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge versions prior to V2023 MP1 Description: A memory corruption issue has been identified in the DOCMGMT.DLL of Solid Edge. This issue can be triggered while parsing files in different formats such as PAR, ASM, and DFT, potentially...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to webpack loader-utils CVE-2022-37603 with details below. Vulnerability Details CVEID:CVE-2022-37603 DESCRIPTION: webpack loader-utils is vulnerable to a denial of service, caused by a regular...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to command injection due to Node.js vulnerability X-Force ID 237819
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to command injection due to Node.js vulnerability X-Force ID 237819 with details below Vulnerability Details IBM X-Force ID: 237819 DESCRIPTION: Node.js moment-timezone module could allow a remote attacker to execute arbitrar...
CVE-2022-43811
To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used...
WIzard for DOCumenting Ontologies path traversal vulnerability
WIzard for DOCumenting Ontologies (WIDOCO) is a step-by-step generator of HTML templates containing documentation for ontologies by Daniel Garijo Personal Developer. It helps you automate the publishing and creation of rich, customized ontology documentation by performing a series of steps in a GUI...
[SECURITY] Fedora 36 Update: python3-docs-3.10.9-1.fc36
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
[SECURITY] Fedora 37 Update: python3-docs-3.11.1-1.fc37
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
Fedora: Security Advisory for python3-docs (FEDORA-2022-e699dd5247)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Spring Boot 3.0.1 available now
On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.0.1 has been released and is now available from Maven Central. This release includes 54 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with iss...
Upgraded Q -> M from #4 [1671756144822]
Judge has assessed an item in Issue 4 as M risk. The relevant finding follows: GroupBuy: Insertion timestamp ignored The documentation states that "If the users have the same quantity as well, the bid that was placed later will have Raes removed.". However, with the current implementation, this i...
The vulnerability of Festo products’ microprogramming software, related to insufficient technical documentation, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Festo product’s microprogramming software is related to insufficient technical documentation. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...
Fedora 36 : woff (2022-706c76c4f0)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-706c76c4f0 advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...
Apache Zeppelin input validation error vulnerability
Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin is vulnerable to an input validation error that results from improper input validation in its Move folder to Trash...
Cortex's Alertmanager can expose local files content via specially crafted config
Impact A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...
Earlier bidders get cut out of future NFT holdings by bidders specifying the same price.
Lines of code LOC: Vulnerability details Description In GroupBuy module, users can call contribute to get a piece of the NFT pie. There are two stages in transforming the msg.value to holdings in the NFT. 1. filling at any pricesupply is not yet saturated uint256 fillAtAnyPriceQuantity =...
CVE-2022-46689
creationtimestamp | type | source
---|---|---
2022-12-18 04:04:21+00:00 | published-proof-of-concept | https://t.me/hackingshadow/2736
2022-12-18 11:46:29+00:00 | published-proof-of-concept | https://t.me/proxybar/1229
2022-12-18 11:59:52+00:00 | published-proof-of-concept | https://t.me/crackcodes/1850

...
Wrong update of stoploss in TradingExtension._limitClose()
Lines of code Vulnerability details Impact TradingExtension.limitClose returns a wrong stoploss which is favorable for users and it would be a significant loss for the protocol. Proof of Concept TradingExtension.limitClose is used to set takeprofit/stoploss prices for the pending order and execut...