22 matches found
EUVD-2022-44595
Malicious code in bioql PyPI...
EUVD-2023-33458
Malicious code in bioql PyPI...
EUVD-2025-21947
Malicious code in bioql PyPI...
CVE-2025-52924
In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...
CVE-2025-52924
In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...
CVE-2025-52924
In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...
CVE-2025-52924
CVE-2025-52924 affects One Identity OneLogin before 2025.2.0, where the SQL connection “application name” is derived from an untrusted X-RequestId header. This can lead to information disclosure about the SQL connection name. Affected: OneLogin prior to 2025.2.0. Impact per sources: low confident...
CVE-2025-52924
In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header...
PT-2025-30108 · One Identity · Onelogin
Name of the Vulnerable Software and Affected Versions: One Identity OneLogin versions prior to 2025.2.0 Description: The SQL connection “application name” is set based on the value of an untrusted X-RequestId HTTP request header. Recommendations: Update One Identity OneLogin to version 2025.2.0 o...
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
Hardcoded credentials
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
CVE-2022-41400
Sage 300 (through 2022) is affected by CVE-2022-41400 due to a hard-coded 40-byte Blowfish key used to encrypt/decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This weak key mechanism could allow an attacker to decrypt credentials store...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings...
CVE-2017-9637
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that...