167 matches found

OSV
added 2023/10/09 1:13 p.m. | 31 views

CVE-2023-25822 ReportPortal DoS vulnerability on creating a Launch with too many recursively nested elements

ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the com.epam.reportportal:service-api module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1...

6.3 CVSS | 6.5 AI score | 0.00511 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 17 views

Oracle Linux 7 : samba (ELSA-2019-2099)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2099 advisory.
- resolves: 1696524
- Fix CVE-2019-3880
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

5.5 CVSS | 5.7 AI score | 0.03392 EPSS
Exploits: 0 | References: 2

vulnersOsv
added 2023/08/19 12:30 a.m. | 1 views

com.hcl.commerce:commerce-search-processors (>=9.1.14.0 <=9.1.15.0), org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0) +153 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-service-api (>=1.21.0 <=1.23.0)

org.apache.nifi:nifi-dbcp-service-api MAVEN version =1.21.0, =9.1.14.0, =1.22.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 and more Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...

6.5 CVSS | 6.5 AI score | 0.01523 EPSS
Exploits: 0

NVD
added 2023/08/08 10:15 a.m. | 11 views

CVE-2023-21627

Memory corruption in Trusted Execution Environment while calling service API with invalid address...

7.8 CVSS | 7.1 AI score | 0.00117 EPSS
Exploits: 0 | References: 1

Prion
added 2023/08/08 10:15 a.m. | 24 views

Memory corruption

Memory corruption in Trusted Execution Environment while calling service API with invalid address...

4.3 CVSS | 7.8 AI score | 0.00117 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/08/08 9:14 a.m. | 22 views

CVE-2023-21627 Incorrect Type Conversion or Cast in Trusted Execution Environment

Memory corruption in Trusted Execution Environment while calling service API with invalid address...

6.7 CVSS | 8.1 AI score | 0.00117 EPSS
Exploits: 0 | References: 1

CNNVD
added 2023/08/02 12:0 a.m. | 4 views

Open-Xchange AppSuite SQL Injection Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-Xchange AppSuite that stems from a SQL injection vulnerability in the Cacheservice...

7.8 CVSS | 7.8 AI score | 0.00419 EPSS
Exploits: 0 | References: 7

vulnersOsv
added 2023/04/19 9:30 p.m. | 5 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2023-20862 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)

org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2023-20862 Source advisory: OSV:GHSA-X873-6RGC-94JC...

6.3 CVSS | 6.7 AI score | 0.00648 EPSS
Exploits: 0

SUSE CVE
added 2023/02/15 4:48 a.m. | 2 views

SUSE CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8 CVSS | 6.9 AI score | 0.02034 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2022/10/19 12:0 a.m. | 7 views

CVE-2022-43420

Jenkins Contrast Continuous Application Security Plugin 3.9 and earlier does not escape data returned from the Contrast service when generating a report, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control or modify Contrast service API responses...

5.2 AI score | 0.00639 EPSS
Exploits: 0 | References: 2

OSV
added 2022/10/18 9:15 p.m. | 3 views

UBUNTU-CVE-2022-21624

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JNDI. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit...

3.7 CVSS | 6.6 AI score | 0.0139 EPSS
Exploits: 0 | References: 4

BDU FSTEC
added 2022/08/04 12:0 a.m. | 4 views

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API allows a perpetrator to execute arbitrary code due to incorrect authentication.

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API is related to incorrect authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted HTTP request...

7.8 CVSS | 7.6 AI score | 0.0085 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CNVD
added 2022/07/18 12:0 a.m. | 25 views

SAP Business One License service API Authorization Issue Vulnerability

SAP Business One License service API is a service of SAP Germany. It provides a unified service endpoint that can be used to access business data from source systems outside of the SAP Business One system via API calls. The SAP Business One License service API contains an authorization issue...

7.5 CVSS | 1.2 AI score | 0.0085 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2022/07/12 9:15 p.m. | 2 views

CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...

7.5 CVSS | 7.1 AI score | 0.0085 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2022/07/12 9:15 p.m. | 13 views

CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...

7.5 CVSS | 0.0085 EPSS
Exploits: 0 | References: 2

Cvelist
added 2022/07/12 8:26 p.m. | 15 views

CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...

7.9 AI score | 0.0085 EPSS
Exploits: 0 | References: 2

CVE
added 2022/06/14 9:50 a.m. | 1411 views

CVE-2021-35079

CVE-2021-35079 describes improper validation of permissions for a third-party app attempting to access the Telephony service API, leading to information disclosure on Qualcomm/Snapdragon platforms (Compute, Connectivity, IoT variants). The underlying issue is privilege/permission validation for t...

6.2 CVSS | 5.9 AI score | 0.00126 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/05/17 2:52 a.m. | 7 views

GHSA-J6MR-CM6X-H6JG OpenStack Glance Server-Side Request Forgery (SSRF)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8 CVSS | 5.5 AI score | 0.02034 EPSS
Exploits: 0 | References: 7

Github Security Blog
added 2022/05/17 2:52 a.m. | 24 views

OpenStack Glance Server-Side Request Forgery (SSRF)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8 CVSS | 6.6 AI score | 0.02034 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

CNNVD
added 2022/04/19 12:0 a.m. | 2 views

Oracle Java SE Input Validation Error Vulnerability

Oracle Java SE is an Oracle Corporation USA Java application for developing and deploying Java applications on desktops and servers, as well as embedded devices and real-time environments. An input validation error vulnerability exists in Oracle Java SE that could allow an unauthenticated attacke...

5.3 CVSS | 6.1 AI score | 0.02651 EPSS
Exploits: 0 | References: 52