46 matches found
EUVD-2023-45177
Malicious code in bioql PyPI...
EUVD-2022-53044
Malicious code in bioql PyPI...
EUVD-2023-44902
Malicious code in bioql PyPI...
EUVD-2023-41370
Malicious code in bioql PyPI...
EUVD-2023-41371
Malicious code in bioql PyPI...
EUVD-2023-36379
Malicious code in bioql PyPI...
EUVD-2023-40843
Malicious code in bioql PyPI...
CVE-2023-32111
In SAP PowerDesigner Proxy - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application...
CVE-2022-31590
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the...
SAP PowerDesigner Input Validation Error Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. An input validation error vulnerability exists in SAP PowerDesigner version 16.7, which stems from an inability to adequately validate a BPMN2 XML document imported from an untrusted source. An attacker could exploit this...
CVE-2023-40310
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
Xxe
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
CVE-2023-40310 Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
CVE-2023-40310 Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Business Objects, SAP HANA, SAP Netweaver and SAP PowerDesigner. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Cross-Site Request Forgery XSR...
SAP PowerDesigner 安全漏洞
SAP PowerDesigner is a database design software from SAP Germany. An input validation error vulnerability exists in SAP PowerDesigner version 16.7, which stems from an inability to adequately validate a BPMN2 XML document imported from an untrusted source. An attacker could exploit this...
SAP PowerDesigner Code Injection Vulnerability (CNVD-2024-23328)
SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...
CVE-2023-40621
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
CVE-2023-40621 Code Injection vulnerability in SAP PowerDesigner Client
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before...
SAP PowerDesigner 代码注入漏洞
SAP PowerDesigner is a database design software from SAP Germany. A code injection vulnerability exists in SAP PowerDesigner version 16.7 that originates from allowing an unauthenticated attacker to inject VBScript code into a document. An attacker could exploit this vulnerability to cause...