Category: NIST Security Vulnerabilities

CVE-2023-1305

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml…


CVE-2023-1306

An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution.…


CVE-2022-45635

An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password…


CVE-2022-45637

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism. Zafiyet ile ilgili Genel…


CVE-2022-42333

x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability…


CVE-2022-42334

x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability…


CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions…


CVE-2022-42332

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run…


CVE-2023-1153

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue…


CVE-2023-1154

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22. Zafiyet ile ilgili Genel…
