162 matches found
CVE-2023-27462
Siemens RUGGEDCOM CROSSBOW (all versions
Fortinet FortiPortal 日志信息泄露漏洞
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. An information disclosure vulnerability exists in Fortinet FortiPortal versions 7.0.0...
Fortinet FortiWeb 注入漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists in several...
Improper Access Control
github.com/usememos/memos is vulnerable to improper access control. The vulnerability allows authenticated remote attackers to edit and delete all other user shortcuts via the ID parameter...
CVE-2022-45936
A vulnerability has been identified in Mendix Email Connector All versions V2.0.0. Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information...
Information disclosure
A vulnerability has been identified in Mendix Email Connector All versions V2.0.0. Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information...
PT-2022-27936 · Mendix · Mendix Workflow Commons
Name of the Vulnerable Software and Affected Versions: Mendix Workflow Commons versions prior to 2.4.0 Mendix Workflow Commons V2.1 versions prior to 2.1.4 Mendix Workflow Commons V2.3 versions prior to 2.3.2 Description: A vulnerability has been identified in the handling of access control for...
Cisco Identity Services Engine 跨站脚本漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform regulates the network by collecting real-time information from the network, users, and devices to develop and enforce policies. The Cisco Identity Services Engine suffers from...
Vulnerability fixed in IBM Security Access Manager
A vulnerability has been fixed in IBM WebSphere Application Server. The vulnerability allows an authenticated remote malicious party to remote user to perform a Cross-Site Scripting attack on the admin console. IBM has released updates to fix the vulnerabilities. More information can be found on...
CVE-2022-30694
Summary: CVE-2022-30694 is a CSRF vulnerability in the Siemens web server login endpoint "/FormLogin" that can allow an authenticated attacker to track other users’ activities by bypassing origin checks. The issue affects multiple Siemens products including SIMATIC Drive Controllers, SIMATIC ET 2...
CVE-2022-30694
The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack...
Cisco Identity Services Engine 跨站脚本漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users, and devices, and develops and enforces policies to monitor the network. A cross-site scripting vulnerability exists in...
Cross site scripting
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS...
Cisco Identity Services Engine 安全漏洞
Cisco Identity Services Engine ISE is an environment-aware platform ISE Identity Services Engine from Cisco. The Cisco Identity Services Engine is vulnerable to information disclosure, which stems from a failure to properly enforce administrative privilege levels for sensitive data. An...
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability...
CVE-2021-43948
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
PT-2021-4619 · Cisco · Cisco Firepower Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center FMC Software is related to improper...
CVE-2021-37173
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.14.1, RUGGEDCOM ROX RX1400 All versions V2.14.1, RUGGEDCOM ROX RX1500 All versions V2.14.1, RUGGEDCOM ROX RX1501 All versions V2.14.1, RUGGEDCOM ROX RX1510 All versions V2.14.1, RUGGEDCOM ROX RX1511 All versions V2.14.1,...
Design/Logic Flaw
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.14.1, RUGGEDCOM ROX RX1400 All versions V2.14.1, RUGGEDCOM ROX RX1500 All versions V2.14.1, RUGGEDCOM ROX RX1501 All versions V2.14.1, RUGGEDCOM ROX RX1510 All versions V2.14.1, RUGGEDCOM ROX RX1511 All versions V2.14.1,...