7696 matches found

OSV
added 2022/02/15 4:15 a.m. | 0 views

CVE-2021-43948

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1

Vulnrichment
added 2022/02/15 3:35 a.m. | 13 views

CVE-2021-43948

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0...

AI score 6.7 | EPSS 0.00218
Exploits: 0 | References: 1

CNNVD
added 2022/02/15 12:0 a.m. | 1 view

Atlassian Jira Service Management Server and Data Center Security Vulnerability

Atlassian Jira Service is a server-based version of Atlassian Australia's IT service desk and request tracking system, which is used to receive, track and manage requests from team clients. An authorization issue vulnerability exists in Atlassian Jira Service Management Server, which stems from...

CVSS 4.3 | AI score 5.7 | EPSS 0.00218
Exploits: 0 | References: 2

CNNVD
added 2022/02/11 12:0 a.m. | 10 views

vm2 Security Vulnerability

vm2 is an advanced virtual machine/sandbox for Node.js, by individual developer Patrik Simek in the Czech Republic, used to run untrusted code using whitelisted Node built-in modules. vm2 suffers from a security vulnerability that stems from being susceptible to sandbox bypass attacks by directly...

CVSS 10 | AI score 8.8 | EPSS 0.01104
Exploits: 1 | References: 5

CNVD
added 2022/02/10 12:0 a.m. | 20 views

SAP Business Objects Web Intelligence Cross-Site Scripting Vulnerability

SAP Business Objects Web Intelligence is a centralized suite from SAP, a German company, used for data reporting, visualization and sharing. SAP Business Objects Web Intelligence is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to compromise vulnerable...

CVSS 5.4 | AI score 1.5 | EPSS 0.00308
Exploits: 0 | References: 1

CNVD
added 2022/02/10 12:0 a.m. | 17 views

SAP Solution Manager has an unspecified vulnerability

SAP Solution Manager is a system management platform from SAP Germany that integrates system monitoring, SAP support desktops, self-service, ASAP implementation, etc. SAP Solution Manager has a security vulnerability that can be exploited by attackers to compromise vulnerable systems, including...

CVSS 9.1 | AI score 1.9 | EPSS 0.0043
Exploits: 0 | References: 1

Zero Day Initiative
added 2022/02/10 12:0 a.m. | 22 views

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

CVSS 7.8 | AI score 2.2 | EPSS 0.0066
Exploits: 0 | References: 1

CNVD
added 2022/02/10 12:0 a.m. | 26 views

SAP NetWeaver AS SQL Injection Vulnerability

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS has a SQL injection vulnerability that can be exploited by attackers to threaten vulnerable systems, including Business Objects, SAP...

CVSS 7.5 | AI score 7.7 | EPSS 0.00365
Exploits: 0 | References: 1

Zero Day Initiative
added 2022/02/10 12:0 a.m. | 17 views

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

CVSS 7.8 | AI score 2.2 | EPSS 0.0066
Exploits: 0 | References: 1

CNNVD
added 2022/02/10 12:0 a.m. | 2 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of objects before performing operations on them, which can be exploited by attackers to execute code in the context of the current process...

CVSS 8.8 | AI score 5.9 | EPSS 0.0066
Exploits: 0 | References: 5

Zero Day Initiative
added 2022/02/10 12:0 a.m. | 26 views

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

CVSS 7.8 | AI score 2.2 | EPSS 0.0066
Exploits: 0 | References: 1

Zero Day Initiative
added 2022/02/10 12:0 a.m. | 22 views

Foxit PDF Reader Doc Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 1 | EPSS 0.00506
Exploits: 0 | References: 1

CNNVD
added 2022/02/10 12:0 a.m. | 3 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of objects before performing operations on them, which can be exploited by attackers to execute code in the context of the current process...

CVSS 8.8 | AI score 5.9 | EPSS 0.0066
Exploits: 0 | References: 5

ATTACKERKB
added 2022/02/09 11:15 p.m. | 4 views

CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

CVSS 5.4 | AI score 6.1 | EPSS 0.00308
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/02/09 11:15 p.m. | 3 views

CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

CVSS 5.4 | AI score 6.1 | EPSS 0.00308
Exploits: 0 | References: 2

Prion
added 2022/02/09 11:15 p.m. | 15 views

Hardcoded credentials

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

CVSS 3.5 | AI score 5.3 | EPSS 0.00308
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/02/09 10:5 p.m. | 126 views

CVE-2022-22546

SAP Business Objects Web Intelligence (BI Launchpad) 420 is affected by CVE-2022-22546 due to improper HTML encoding in input control summary, enabling an authorized attacker to perform cross-site scripting (XSS). CVSSv3.1 base score 5.4 (MEDIUM). Exploitation details are not elaborated beyond th...

CVSS 5.4 | AI score 5.2 | EPSS 0.00308
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/02/09 10:5 p.m. | 16 views

CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

AI score 5.5 | EPSS 0.00308
Exploits: 0 | References: 2

OSV
added 2022/02/09 12:56 a.m. | 31 views

GHSA-M6MM-Q862-J366 Improper Input Validation in Keycloak

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote co...

CVSS 8.8 | AI score 8.6 | EPSS 0.02152
Exploits: 0 | References: 5

Github Security Blog
added 2022/02/09 12:56 a.m. | 58 views

Improper Input Validation in Keycloak

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote co...

CVSS 8.8 | AI score 8.6 | EPSS 0.02152
Exploits: 0 | References: 5 | Affected Software: 2