An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user. Zafiyet ile ilgili Genel Bilgi,…
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) – versions 420, 430, exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri…
SAP NetWeaver Enterprise Portal (KMC) – version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session. Zafiyet ile ilgili Genel Bilgi, Etki…
In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. Worst case impact of this vulnerability is denial of service for the RPKI data…
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the ‘id->name’ provided by the user did not end with ”. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system. Zafiyet ile ilgili…
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the…
Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request) Talos control plane node might issue Talos API certificate which allows full access to Talos…
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath(“https://go.dev”, “../go”) returns the URL “https://go.dev/../go”, despite the JoinPath documentation stating that ../ path elements are removed from the result. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Windows Photo Import API Elevation of Privilege Vulnerability. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
.NET Framework Remote Code Execution Vulnerability. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Windows Credential Roaming Service Elevation of Privilege Vulnerability. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database