28 matches found
EUVD-2024-26440
Malicious code in bioql PyPI...
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...
CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users test can query information about the users in the system...
CVE-2024-27604
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...
CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users test can query information about the users in the system...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...
CVE-2024-27602
Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked.For example, the /api/system/v2/api-docs module...
CVE-2024-27605
CVE-2024-27605 affects Alldata v0.4.6 and describes an Insecure Permissions issue that allows non-authenticated or insufficiently privileged users (e.g., user/test) to query information about other users in the system. Root cause cited across connected sources is misconfigured permissions exposin...
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
ALLDATA 安全漏洞
ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from the disclosure of interface documentation for multiple modules, e.g....
CVE-2024-29434
An issue in the system image upload interface of Alldata v0.4.6 allows attackers to execute a directory traversal when uploading a file...
CVE-2024-27605
Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users test can query information about the users in the system...
CVE-2024-27604
Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized...
CVE-2024-29434
The CVE-2024-29434 affects Alldata v0.4.6, where the system image upload interface is vulnerable to directory traversal during file upload. The issue is documented across multiple sources (NVD/Red Hat/PTSecurity/CNNVD/CVE list) with a high impact (C:H/I:H) and low attack complexity, requiring low...
CVE-2024-29432
Summary: CVE-2024-29432 affects Alldata v0.4.6 and is a SQL injection flaw exploitable via the tablename parameter in /data/masterdata/datas. The vulnerability details are supported by multiple connected sources, all citing the same description. Affected component: Alldata v0.4.6 (data/masterdata...
CVE-2024-29432
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas...