Emre Övünç

#9626de 53,635
28.7CVSS total
Vulnerabilidades · 4
Média
2
Alta
1
Crítica
1
PT-2019-13607
7.5
2019-07-28
Pallets · Werkzeug · CVE-2019-14322
**Name of the Vulnerable Software and Affected Versions** Pallets Werkzeug versions prior to 0.15.5 **Description** The issue is related to how SharedDataMiddleware handles drive names, such as C:, in Windows pathnames. This mishandling can lead to potential security issues. **Recommendations** For versions prior to 0.15.5, update to version 0.15.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the SharedDataMiddleware to minimize the risk of exploitation.
PT-2019-17851
9.8
2019-01-10
Nelson · Nelson Open Source Erp · CVE-2019-5893
**Name of the Vulnerable Software and Affected Versions** Nelson Open Source ERP version 6.3.1 **Description** The issue allows SQL Injection via the `db/utils/query/data.xml` query parameter. This means an attacker could potentially inject malicious SQL code to manipulate the database. **Recommendations** For Nelson Open Source ERP version 6.3.1, consider restricting access to the `data.xml` query parameter in the `db/utils/query` endpoint until a patch is available. Avoid using the `data.xml` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-13417
5.3
2018-08-29
Cybrotech · Cybrohttpserver · CVE-2018-16133
**Name of the Vulnerable Software and Affected Versions** Cybrotech CyBroHttpServer version 1.0.3 **Description** The issue allows Directory Traversal via a ../ in the URI. This means an attacker could potentially access files or directories outside the intended directory structure by manipulating the URI with ../ sequences. **Recommendations** For Cybrotech CyBroHttpServer version 1.0.3, consider restricting or validating user input in the URI to prevent ../ sequences from being processed, until a patch is available.
PT-2018-13418
6.1
2018-08-29
Cybrotech · Cybrohttpserver · CVE-2018-16134
**Name of the Vulnerable Software and Affected Versions** Cybrotech CyBroHttpServer version 1.0.3 **Description** The issue allows for cross-site scripting (XSS) attacks via a URI. **Recommendations** For Cybrotech CyBroHttpServer version 1.0.3, update to a version that fixes this issue, however at the moment, there is no information about a newer version that contains a fix for this vulnerability.