290 matches found
IBOS SQL Injection Vulnerability
IBOS is a collaborative office management system. A SQL injection vulnerability exists in IBOS OA version 4.5.5, which originates from a SQL injection vulnerability in the component Interview Management Export...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop jmsthemelayout version 2.5.5, which stems from vulnerability t...
@antgineering-studio/strapi (=4.5.5), @beardeddudes/strapi-types (>=0.1.0 <=0.1.1) +126 more potentially affected by CVE-2023-22621 via @strapi/plugin-email (>=0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a <=4.5.5)
@strapi/plugin-email NPM version =0.0.0-a230f29587d4a221c9c686ca4e467b3fb465631a, =0.1.0, =1.0.1, =4.12.2, =1.0.0, =4.2.0, =4.2.2, =0.0.1, =1.0.1, =0.1.1, =1.0.9, =0.0.1, =0.0.5 and more Source cves: CVE-2023-22621 Source advisory: OSV:GHSA-2H87-4Q2W-V4HF...
Neo4j Code Issue Vulnerability
Neo4j is a Java-based, fully ACID-compatible graph database from the U.S. company Neo4j, which supports data migration, add-ons and more. A code issue vulnerability exists in Neo4j versions prior to 5.5.0 that stems from the presence of an XML External Entity (XXE) vulnerability, which can b...
SUSE CVE-2013-1512
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language...
SUSE CVE-2013-2724
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors...
SUSE CVE-2013-2733
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730...
SUSE CVE-2014-6463
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML...
SUSE CVE-2015-0432
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key...
SUSE CVE-2016-4072
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c...
SUSE CVE-2016-5094
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...
SUSE CVE-2016-6254
Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted network packet...
Insyde InsydeH2O Security Vulnerability
Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in IhisiSmm in Insyde InsydeH2O with kernel versions 5.0...
Insyde InsydeH2O Security Vulnerability
Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5. An attacker...
CVE-2022-43765
B&R APROL versions R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network-based attacker to cause an application Denial-of-Service...
TYPO3 Access Control Error Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3 version 5.5.3, version 6.x up to and including version 6.3.4, and version 7.x up to and including version 7.1.0, which stems from a lack ...
PT-2022-28080 · Unknown · Dolibarr Project Timesheet
Name of the Vulnerable Software and Affected Versions: dolibarr project timesheet versions up to 4.5.5 Description: A vulnerability was found in the Form Handler component, leading to cross-site request forgery. The attack can be initiated remotely. Recommendations: For versions up to 4.5.5,...
CVE-2022-4455
creationtimestamp | type | source
---|---|---
2022-12-13 20:21:57+00:00 | seen | https://t.me/cibsecurity/54451...
Insyde InsydeH2O Buffer Error Vulnerability
Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which is caused...
PT-2022-23314 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel 5.0 through 5.5 Description: A stack buffer overflow vulnerability in the MebxConfiguration driver can lead to arbitrary code execution. This issue occurs when a UEFI variable under the OS is read by BIOS code,...