GHSA-99HJ-44VG-HFCP Fleet's unbounded request body read allows remote Denial of Service
Summary Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service DoS...
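The flaw class above is easy to reproduce and easy to close. The following Go program is an added example, not Fleet's code: it puts a handler that calls io.ReadAll on an uncapped body next to one that wraps the body in http.MaxBytesReader first, and drives both with a constructed in-memory POST so the difference is visible without a network. The 1 MiB cap, the /submit path and the Go 1.19+ *http.MaxBytesError check are assumptions for this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// maxBodyBytes is an assumed per-request cap for this example (1 MiB).
// Size it to the largest legitimate payload the endpoint expects.
const maxBodyBytes = 1 << 20

// unboundedHandler reproduces the flaw class: io.ReadAll buffers the whole
// body in memory, so the client decides how much RAM the server spends.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if err != nil {
		http.Error(w, "read failed", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, len(body)) // report how many bytes were buffered
}

// boundedHandler wraps the body in http.MaxBytesReader before reading it.
// The read stops after maxBodyBytes+1 bytes with *http.MaxBytesError
// (Go 1.19+), which is mapped to 413 so the client gets an honest answer.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	body, err := io.ReadAll(r.Body)
	if err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "read failed", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, len(body))
}

// runRequest drives a handler with a constructed in-memory POST of bodySize
// zero bytes to the hypothetical /submit path and returns the status code and
// the byte count the handler reported (0 when the request was refused).
func runRequest(h http.HandlerFunc, bodySize int) (status int, buffered int) {
	req := httptest.NewRequest(http.MethodPost, "/submit", bytes.NewReader(make([]byte, bodySize)))
	rec := httptest.NewRecorder()
	h(rec, req)
	n, _ := strconv.Atoi(strings.TrimSpace(rec.Body.String()))
	return rec.Code, n
}

func main() {
	for _, sz := range []int{maxBodyBytes, 2 * maxBodyBytes} {
		s1, n1 := runRequest(unboundedHandler, sz)
		s2, n2 := runRequest(boundedHandler, sz)
		fmt.Printf("body=%d  unbounded: %d (%d bytes)  bounded: %d (%d bytes)\n", sz, s1, n1, s2, n2)
	}
}
```

The cap only addresses the "large payload" half of the advisory; the "repeated payload" half needs a per-client rate limit and a bound on concurrent in-flight bodies (or a reverse proxy doing the same), since many 1 MiB requests in parallel still add up. Apply the limit before any decoding step (JSON, gzip, multipart), because those allocate on top of the raw body.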
PT-2025-20848 · Siemens · SIRIUS 3RK3 Modular Safety System +1
Name of the Vulnerable Software and Affected Versions: SIRIUS 3RK3 Modular Safety System (MSS), all versions; SIRIUS Safety Relays 3SK2, all versions. Description: A vulnerability has been identified where affected devices only provide weak password obfuscation. An attacker with network access could...
PT-2025-4247 · Oracle +6 · MySQL Server +5
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.39 and prior; MySQL Server versions 8.4.2 and prior; MySQL Server versions 9.0.1 and prior. Description: The vulnerability in the MySQL Server product of Oracle MySQL, specifically in the Server: Thread Pooling componen...
CVE-2023-32967 QTS, QuTScloud
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the...
CVE-2023-26453
CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...
PT-2020-4527 · MySQL Server +9 · MySQL Server +9
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.6.49 and prior; MySQL Server versions 5.7.31 and prior; MySQL Server versions 8.0.21 and prior. Description: The issue is related to insufficient input validation in the Server: Locking component of MySQL Server, allowing...
PT-2020-2401 · Oracle +10 · MySQL Server +9
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.29 and prior; MySQL Server versions 8.0.19 and prior. Description: The issue is related to the InnoDB component of the MySQL Server product, which is part of Oracle MySQL. It allows a high-privileged attacker with...
PT-2020-20315 · Zoho +1 · Zoho ManageEngine AssetExplorer +1
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AssetExplorer version 6.5. Description: An issue was discovered in Zoho ManageEngine AssetExplorer during an upgrade of the Windows agent, where it does not validate the source and binary downloaded. This allows an attacker o...
Siemens TIM 1531 IRC Modules
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...
ICSA-18-317-07 Siemens SIMATIC IT Production Suite
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC IT Production Suite Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise confidentiality, integrity and...
SOL00329831 - Multiple NTP vulnerabilities CVE-2015-8139 and CVE-2015-8140
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
CVE-2015-1150
The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended...
Agile FleetCommander and FleetCommander Kiosk versions prior to 4.08 contain multiple vulnerabilities
Overview Agile FleetCommander and FleetCommander Kiosk were found to have multiple XSS, CSRF, information disclosure and SQLi vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2012-4941. SQL Injection Vulnerabilities:...
CVE-2010-3561
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle...
RHEL 2.1 : IBMJava2 (RHSA-2008:0133)
IBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A buffer overflow was found in the Java Runtime Environment...
GLSA-200805-18 : Mozilla products: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200805-18 Mozilla products: Multiple vulnerabilities The following vulnerabilities were reported in all mentioned Mozilla products: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and Paul Nickerson reported browser...