626 matches found
CVE-2023-36131
PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter...
The vulnerability of the Advanced Networking Option component of the Oracle Database Server system allows a attacker to gain read, modify, add, or delete access to data.
The vulnerability of the Advanced Networking Option component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain read, modify, add, or delete access to data...
The vulnerability of the Keytool component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to gain access to modify, add, or delete data.
The vulnerability of the Keytool component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data...
PT-2023-24671 · Shopware · Shopware
Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 5.7.18 Description: The mail validation in the registration process had flaws, allowing the construction of different mail addresses that result in the same address, which can be shared by multiple accounts...
The vulnerability of the microprogramming software of ThinkPad Hybrid USB-C with USB-A Dock exists due to insufficient testing of input data. This allows a hacker to execute code with elevated privileges.
The vulnerability of the ThinkPad Hybrid USB-C with USB-A Dock’s microprogramming software exists due to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to execute code with elevated privileges during package updates or installations...
The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST controllers, related to deficiencies in the validation of user-input data, allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks remotely...
CVE-2023-20077
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...
CVE-2023-20722
In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084...
The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of the banking analytics system’s simulation model. This vulnerability allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the sub-component “Application” within the Oracle Financial Services Behavior Detection Platform of a bank analytics system’s simulation model involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Routing Hub sub-component of the Oracle Banking Virtual Account Management component in the banking analytics system of the Oracle Financial Services Applications allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the Routing Hub subcomponent of the Oracle Banking Virtual Account Management component in the banking analytics system of the Oracle Financial Services Applications is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing allows a malicious individual to cause service failures or gain access to read, modify, add, or delete data.
The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service failures or gain access to read, modify, add, or delete data...
Gin-Gonic Gin 输入验证错误漏洞
Gin-Gonic Gin is a Go-based framework for rapidly building web applications from the Gin-Gonic team. A security vulnerability exists in Gin-Gonic Gin prior to version 1.9.0, which stems from vulnerability to incorrect input validation, and can be exploited by an attacker to use a specially crafte...
Dell EMC ECS 数据伪造问题漏洞
The Dell EMC ECS is a storage device from Dell USA. A cryptographic issue vulnerability exists in Dell EMC ECS versions prior to 3.8.0.2, which stems from incorrect validation of cryptographic signatures. An attacker exploiting this vulnerability could modify the subject data of a request...
Vulnerability of the Server component: The Connection Handling module of the MySQL Server database management system, which allows attackers to cause service interruptions.
The vulnerability of the MySQL Server component, which handles database connections, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
Nokia NetAct 代码问题漏洞
Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...
The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to cause a service failure
The vulnerability of the Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the PostScript Printer Driver (Pscript) and PCL6 Class Printer drivers for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the PostScript Printer Driver PScript and PCL6 Class Printer operating systems for Windows is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-20128
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilitie...
CVE-2023-20146
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due t...