87 matches found
CVE-2023-23932
OpenDDS is an open source C++ implementation of the Object Management Group OMG Data Distribution Service DDS. OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1...
The vulnerability of the OData protocol implementation in SAP S4CORE Entity software allows unauthorized access to protected information.
The vulnerability of the OData protocol implementation in SAP S4CORE Entity software is related to deficiencies in displaying hidden user fields. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
SAP Just In Time 安全漏洞
SAP Just In Time is an application from SAP Germany designed to enable efficient demand-driven production and logistics throughout the supply chain. An elevation of privilege vulnerability exists in SAP Just In Time, which stems from the OData service not performing the necessary privilege checks...
The vulnerability of the Telnet protocol implementation for the MIR KT-51 controller and the MIR controller configuration tool, related to the transmission of data in an open manner, allows a perpetrator to disclose the protected information.
The vulnerability of the Telnet protocol implementation for the MIR KT-51 controller and the MIR controller configuration software is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the implementation of service protocols in the software products of the LLC “NPO ‘MIR’ relates to the transmission of data in an open manner, which allows a perpetrator to disclose the protected information.
The vulnerability of the implementation of service protocols in the software products of the LLC “NPO ‘MIR’ relates to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information.”...
The vulnerability of the HTTP protocol implementation in the software products of the LLC “NPO “MIR” lies in the transmission of data in an open manner, which allows attackers to disclose protected information.
The vulnerability of the HTTP protocol implementation in software products of the LLC “NPO ‘MIR’” lies in the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
The vulnerability of the Xerox Workplace Suite print management server, related to the storage of critical information in an open manner, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Xerox Workplace Suite print management server lies in the storage of critical information in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
OESA-2025-1126 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A heap-buffer-overflow vulnerability...
PT-2025-6125 · Sap · Sap Fiori +1
Name of the Vulnerable Software and Affected Versions: SAP ERP affected versions not specified Description: The issue concerns the SAP OData endpoint in SAP Fiori for SAP ERP, where cached values could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter...
The vulnerability of the Webservice API Endpoint component of the SAP Commerce Cloud platform allows a hacker to disclose protected information.
The vulnerability of the Webservice API Endpoint component of the SAP Commerce Cloud platform is related to the transmission of data in an open manner. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
The vulnerability of microprogramming software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series, related to the transmission of data in an open manner, allows attackers to disclose protected information.
The vulnerability of microprogrammed software in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
CVE-2024-45282
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
The vulnerability of Ivanti Workspace Control’s software for controlling user access to applications and data, related to the transmission of data in an open manner, allows a hacker to obtain the user’s operating system credentials.
The vulnerability of the software for controlling user access to applications and data in Ivanti Workspace Control is related to the transfer of data in an open manner. Exploiting this vulnerability could allow a hacker to obtain the user’s operating system credentials...
The vulnerability of the mmput() function in the IB/core component of the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the mmput function in the IB/core component of the Linux operating system’s kernel is related to deadlocking as part of the ODP process. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2024-41068 · Мир Кт-51 +1 · Мир Кт-51 +1
Name of the Vulnerable Software and Affected Versions: МИР КТ-51 and МИР контроллеры affected versions not specified Description: The issue is related to the implementation of the Telnet protocol in the МИР КТ-51 controller and the МИР controller configurator, which involves the transmission of...
The vulnerability of the SCADA system “ENTEK,” which stems from the storage of critical information in an open manner, allows a intruder to gain unauthorized access to the protected information.
The vulnerability of the SCADA system “ENTEK” is related to the storage of critical information in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information by intercepting traffic or obtaining configuration...
The vulnerability of the software used for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager allows a intruder to carry out a “man-in-the-middle” attack.
The vulnerability of the software for calculating the positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager relates to the transmission of data in an open manner. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
F5 BIG-IP SQL注入漏洞
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An OData injection vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited to send crafted SQL statemen...
DEBIAN-CVE-2022-48675
In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmputasync. From the below call trace 1 can see that calling mmput once we have the umemodp-umemmutex locked as required by...
opd.opendata-japan.com Cross Site Scripting vulnerability OBB-3849019
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...