SUSE CVE-2020-14641
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
PT-2023-5878 · Dexma · Dexgate
Name of the Vulnerable Software and Affected Versions: No specific software name and version are mentioned in the provided descriptions. Description: The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor, which may allow an attacker to create maliciou...
A vulnerability in the Atlassian Confluence Server web server and Confluence Data Center, related to errors in access management, allows an attacker to trigger a service failure.
The vulnerability in the Atlassian Confluence Server web server and Confluence Data Center is related to errors in access management. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
CVE-2023-40726
A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database...
New Python Variant of Chaes Malware Targets Banking and Logistics Industries
Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced...
GX Software XperienCentral Security Vulnerability
GX Software XperienCentral is a CMS from GX Software. A security vulnerability exists in GX Software XperienCentral version 10.36.0 and prior versions, which stems from a vulnerability that allows an unauthorized attacker to bypass security filters and place unauthorized data on the server...
CVE-2023-35927 Nextcloud system addressbooks can be modified by malicious trusted server
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
CVE-2023-33518
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request...
Xibo Security Vulnerability
Xibo is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo versions prior to 3.0.0 through 3.3.5, which originates from a stack trace being printed when called with missing or invalid parameters, which can be exploited by an attacker to vie...
A vulnerability in the programming software for PLCs (programmable logic controllers), namely EcoStruxure Control Expert, and the automation system for technological processes, EcoStruxure Process Expert, allows an intruder to gain unauthorized access to SMTP account data.
The vulnerability in the programming software for PLCs (programmable logic controllers), as well as the EcoStruxure Process Expert automation system, is related to insufficient protection for registration data. Exploiting this vulnerability could allow attackers to gain unauthorized access to SMTP...
SAP NetWeaver AS Java Access Control Error Vulnerability
SAP NetWeaver AS Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. An access control error vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from the fact that ...
SAP NetWeaver AS Java Authorization Issue Vulnerability (CNVD-2023-28121)
SAP NetWeaver AS Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from a failure to...
SUSE CVE-2015-4905
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML...
SUSE CVE-2016-2366
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network traffic can send invalid data to trigger this...
SUSE CVE-2016-2371
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution...
SUSE CVE-2017-3653
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...
SUSE CVE-2018-20684
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp...
SUSE CVE-2020-11044
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...
SUSE CVE-2021-39246
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the...
Schneider Electric EcoStruxure Power Commission Security Vulnerability
Schneider Electric EcoStruxure Power Commission is a comprehensive software from Schneider Electric France that provides powerful features for setting up, testing, and commissioning low-voltage distribution cabinets. A security vulnerability exists in EcoStruxure Power Commission versions prior t...