CVE-2022-29539: Vulnerability Research & Advisor

resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\` commands) and inject arbitrary system commands with the privileges of the application user.


Purpose and operating methods

CVE-2022-29539 – RESI S.p.A

CVE-2022-29538 – RESI S.p.A

CVE-2022-28862 – ARCHIBUS Web Central

CVE-2022-27880 – F5 Traffix Signal Delivery Controller

CVE-2022-27662 – F5 Traffix Signal Delivery Controller

CVE-2022-26484 – Veritas Operations Manager

CVE-2022-26483 – Veritas Operations Manager

CVE-2022-25344 – Olivetti d-COLOR MF3555

CVE-2022-25343 – Olivetti d-COLOR MF3555

CVE-2022-25342 – Olivetti d-COLOR MF3555

CVE-2021-41555 – ARCHIBUS Web Central

CVE-2021-41554 – ARCHIBUS Web Central

CVE-2021-41553 – ARCHIBUS Web Central

CVE-2021-38123 – Micro Focus Network Automation

CVE-2021-35492 – Wowza Streaming Engine

CVE-2021-35491 – Wowza Streaming Engine

CVE-2021-35490 – Thruk

CVE-2021-35489 – Thruk

CVE-2021-35488 – Thruk

CVE-2021-32571 – Ericsson OSS-RC

CVE-2021-32569 – Ericsson OSS-RC

CVE-2021-31540 – WOWZA Streaming Engine

CVE-2021-31539 – WOWZA Streaming Engine

CVE-2021-29661 – Softing AG OPC Toolbox

CVE-2021-29660 – Softing AG OPC Toolbox

CVE-2021-28979 – Thales SafeNet KeySecure Management Console

CVE-2021-28488 – Ericsson Network Manager

CVE-2021-28250 – CA eHealth Performance Manager

CVE-2021-28249 – CA eHealth Performance Manager

CVE-2021-28248 – CA eHealth Performance Manager

CVE-2021-28247 – CA eHealth Performance Manager

CVE-2021-28246 – CA eHealth Performance Manager

CVE-2021-26597 – NOKIA NetAct

CVE-2021-26596 – NOKIA NetAct

CVE-2021-3314 – Oracle GlassFish Server

CVE-2021-2005 – ORACLE Business Intelligence Enterprise Edition of Oracle Fusion Middleware

CVE-2020-35590 – WordPress Plugin Limit Login Attempts Reloaded

CVE-2020-35589 – WordPress Plugin Limit Login Attempts Reloaded

CVE-2020-28209 – Schneider Electric StruxureWare Building Operation Enterprise Server Installer – Enterprise Central Installer

CVE-2020-27583 – IBM InfoSphere Information Server

CVE-2020-17458 – MultiUX

CVE-2020-17457 – Fujitsu ServerView Suite iRMC

CVE-2020-15794 – Siemens Desigo Insight

CVE-2020-15793 – Siemens Desigo Insight

CVE-2020-15792 – Siemens Desigo Insight

CVE-2020-14843 – ORACLE Business Intelligence Enterprise Edition of Oracle Fusion Middleware

CVE-2020-14842 – ORACLE Business Intelligence Enterprise Edition of Oracle Fusion Middleware

CVE-2020-14690 – ORACLE Business Intelligence Enterprise Edition of Oracle Fusion Middleware

CVE-2020-12081 – FlexNet Publisher

CVE-2020-9050 – Johnson Controls Metasys MREWeb Service

CVE-2020-7573 – Schneider Electric StruxureWare Building Operation WebReports

CVE-2020-7572 – Schneider Electric StruxureWare Building Operation WebReports

CVE-2020-7571 – Schneider Electric StruxureWare Building Operation WebReports

CVE-2020-7570 – Schneider Electric StruxureWare Building Operation WebReports

CVE-2020-7569 – Schneider Electric StruxureWare Building Operation WebReports

CVE-2020-2505 – QNAP QES

CVE-2020-2504 – QNAP QES

CVE-2020-2503 – QNAP QES

CVE-2019-19994 – Selesta Visual Access Manager

CVE-2019-19993 – Selesta Visual Access Manager

CVE-2019-19992 – Selesta Visual Access Manager

CVE-2019-19991 – Selesta Visual Access Manager

CVE-2019-19990 – Selesta Visual Access Manager

CVE-2019-19989 – Selesta Visual Access Manager

CVE-2019-19988 – Selesta Visual Access Manager

CVE-2019-19987 – Selesta Visual Access Manager

CVE-2019-19986 – Selesta Visual Access Manager

CVE-2019-19456 – WOWZA Streaming Engine

CVE-2019-19455 – WOWZA Streaming Engine

CVE-2019-19454 – WOWZA Streaming Engine

CVE-2019-19453 – WOWZA Streaming Engine

CVE-2019-17406 – NOKIA IMPACT

CVE-2019-17405 – NOKIA IMPACT

CVE-2019-17404 – NOKIA IMPACT

CVE-2019-17403 – NOKIA IMPACT

Related news

CVE-2022-27880

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2022-27662

On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE-2021-2119: Oracle Critical Patch Update Advisory - January 2021

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

CVE-2020-14829: Oracle Critical Patch Update Advisory - October 2020

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVE-2020-15792

A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based blind SQL injection attack.

CVE-2019-19453: Vulnerability Research & Advisor

Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user with access to proxy license editing is able to insert a malicious payload that will be triggered in the main page of server settings. This issue was resolved in Wowza Streaming Engine 4.8.5.

CVE-2020-2978: Oracle Critical Patch Update Advisory - July 2020

Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).
