254 matches found
Apache Superset Security Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an information disclosure vulnerability that is caused by improper data authorization. An attacker could exploit this vulnerability to obtain sensitive information...
Information Disclosure
nonebot2 is vulnerable to Information Disclosure. The vulnerability is due to improper handling of user-provided data in a MessageTemplate, which could result in sensitive information disclosure if the user input is used in templates without adequate filtering...
GitLab 10.8 < 15.1.6 / 15.2 < 15.2.4 / 15.3 < 15.3.2 (CVE-2022-3639)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3....
Huawei HarmonyOS Information Disclosure Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from information being stored in an improper location, thereby compromising confidentiality...
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS, related to improper data cleaning in the SNMP configuration, allows an attacker to execute XSS attacks.
The vulnerability of the network management system for monitoring and managing industrial networks in SINEC NMS is related to improper data cleaning in the SNMP configuration. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Authentication flaw
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending...
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microweber Cross-Site Scripting Vulnerability
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 2.0, which...
CVE-2023-27523
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
PT-2023-4507 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE), affected versions not specified. Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive...
Foxit PDF Reader AcroForm Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...
CVE-2023-2860
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This fla...
CVE-2023-32203
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
rubygem-loofah: Improper neutralization of data URIs leading to Cross Site Scripting
A Cross-site scripting vulnerability was found in rubygem loofah. While neutralizing certain data URIs, loofah is susceptible to Cross-site scripting attacks...
Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
SUSE CVE-2023-27349
BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the...
CVE-2023-25755
Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project...
PT-2023-3268 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 9.5.12; GLPI versions 10.0.0 through 10.0.6. Description: The issue is related to insufficient cleaning of user data in the administration panel, allowing a user to inject and execute arbitrary HTML and script code i...
The vulnerability in the implementation of the PAPI network protocol for ArubaOS operating systems allows a hacker to execute arbitrary code.
The vulnerability of the PAPI network protocol implementation in ArubaOS operating systems is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Azure HDInsight’s data analysis service in the Windows operating system allows attackers to perform spear-phishing attacks.
The vulnerability of the Azure HDInsight data analysis service for the Windows operating system is related to improper data processing. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...