CWE:
 

Topic
Date
Author
Low
SAP Enterprise Portal XSLT Injection
27.01.2022
Yvan Genuer


CVEMAP Search Results

CVE
Details
Description
2024-08-13
Waiting for details
CVE-2024-38133

Updating...
 

 
Windows Kernel Elevation of Privilege Vulnerability

 
2024-07-09
Waiting for details
CVE-2024-26015

Updating...
 

 
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

 
2024-04-25
Waiting for details
CVE-2024-1657

Updating...
 

 
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.

 
2023-09-12
Waiting for details
CVE-2023-40623

Updating...
 

 
SAP BusinessObjects SuiteĀ Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.

 
2023-09-08
Waiting for details
CVE-2023-32470

Updating...
 

 
Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

 
2023-06-23
Waiting for details
CVE-2023-28065

Updating...
 

 
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.

 
Waiting for details
CVE-2023-28071

Updating...
 

 
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

 
2023-05-25
Waiting for details
CVE-2023-2886

Updating...
 

 
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

 
2023-01-09
Waiting for details
CVE-2014-125071

Updating...
 

 
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716.

 
2022-09-06
Waiting for details
CVE-2022-2429

Updating...
 

 
The Ultimate SMS Notifications for WooCommerce plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.1 via the 'Export Utility' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into billing information like their First Name that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top