Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious progra ...
July 20, 2022
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infi ...
July 20, 2022
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitra ...
July 19, 2022
A remote attacker with general user privilege can send a message to Teamplus Pro's chat group that exceeds the message size limit, to terminate other recipients' Teamplus Pro chat process.
July 19, 2022
HiCOS client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, man ...
July 19, 2022
Digiwin BPM has inadequate filtering for a URL parameter. An unauthenticated remote attacker can perform a Blind SSRF attack to discover internal network topology based on the URL error response.
July 19, 2022
Digiwin BPM's function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database or disrupt service.
July 19, 2022
Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vu ...
July 19, 2022