Lucene search
K

194 matches found

Positive Technologies
Positive Technologies
added 2022/03/08 12:0 a.m.4 views

PT-2022-16581 · Siemens · Sinema Server +1

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V1.0.3 SINEMA Server V14 all versions Description: A security issue allows a privileged authenticated attacker to execute arbitrary commands in the local database. This is achieved by sending specially crafted...

7.2CVSS7.1AI score0.03435EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/08 12:0 a.m.7 views

Siemens SINEC NMS SQL注入漏洞

Siemens SINEC NMS is a network management system NMS from Siemens Germany that is used to centrally monitor, manage, and configure industrial networks with tens of thousands of devices 24/7, including security-related areas.A SQL injection vulnerability in Siemens SINEC NMS allows a privileged,...

7.2CVSS6.3AI score0.03435EPSS
Exploits0References5
OSV
OSV
added 2022/02/24 1:11 p.m.26 views

GHSA-8WR4-2WM6-W3PR B2 Command Line Tool TOCTOU application key disclosure

Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...

5.7CVSS4.2AI score0.00206EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/02/24 1:11 p.m.25 views

B2 Command Line Tool TOCTOU application key disclosure

Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...

4.7CVSS0.7AI score0.00206EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2022/02/24 7:35 a.m.17 views

Time-of-check-time-of-use (TOCTOU)

b2sdk is vulnerable to time-of-check-time-of-use TOCTOU. A local attacker is able to read the contents of the local database file where API keys are saved when using SqliteAccountInfo, resulting in sensitive information disclosure via race condition...

4.7CVSS2.4AI score0.00214EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2022/02/23 11:15 p.m.9 views

PYSEC-2022-32

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

4.7CVSS6AI score0.00206EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/10/13 6:15 p.m.3 views

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

7.3CVSS6.1AI score0.00442EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/13 6:15 p.m.4 views

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

7.3CVSS7.5AI score0.00442EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/10/13 5:10 p.m.27 views

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

7.8AI score0.00442EPSS
Exploits0References2
CNVD
CNVD
added 2021/10/13 12:0 a.m.19 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77591)

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this...

7.2CVSS2.7AI score0.27685EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.19 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77593)

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements. An attacker could use this...

7.2CVSS2.7AI score0.46587EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.16 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77589)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...

7.2CVSS2.6AI score0.27685EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.22 views

Siemens SINEC NMS SQL Injection Vulnerability

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this...

7.2CVSS2.7AI score0.15385EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.23 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77592)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which could be exploited by an authenticated attacker to import firmware containers into the affected system...

8.8CVSS6.1AI score0.02305EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.14 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77586)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...

7.2CVSS2.6AI score0.01113EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/13 12:0 a.m.23 views

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77587)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which could be exploited by an attacker with privileged credentials to execute arbitrary commands in the loca...

7.2CVSS5.3AI score0.01144EPSS
Exploits0References1
NVD
NVD
added 2021/10/12 10:15 a.m.18 views

CVE-2021-33735

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

7.2CVSS0.01113EPSS
Exploits0References1
NVD
NVD
added 2021/10/12 10:15 a.m.17 views

CVE-2021-33730

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

7.2CVSS0.27685EPSS
Exploits0References1
NVD
NVD
added 2021/10/12 10:15 a.m.25 views

CVE-2021-33732

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

7.2CVSS0.27685EPSS
Exploits0References1
NVD
NVD
added 2021/10/12 10:15 a.m.23 views

CVE-2021-33729

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database...

8.8CVSS0.02305EPSS
Exploits0References1
Rows per page
Query Builder