
869 matches found

OSV
added 2022/07/20 5:15 p.m., 4 views

CVE-2022-34049

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data...

CVSS 5.3, AI score 5.8, EPSS 0.02176
Exploits: 1, References: 2

Prion
added 2022/07/20 5:15 p.m., 19 views

Design/Logic Flaw

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data...

CVSS 5, AI score 5.3, EPSS 0.02176
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/07/20 4:50 p.m., 25 views

CVE-2022-34049

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data...

AI score 5.6, EPSS 0.02176
Exploits: 1, References: 2

CVE
added 2022/07/20 4:50 p.m., 67 views

CVE-2022-34049

WAVLINK WN530HG4 (M30HG4.V5030.191116) is affected by an improper access control vulnerability. The Nuclei template specifies that unauthenticated attackers can download log files and configuration data via Exportlogs.sh, with potential for data modification or unauthorized operations. The issue ...

CVSS 5.3, AI score 5.3, EPSS 0.02176
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2022/07/20 12:0 a.m., 3 views

WAVLINK WN530HG4 Security Vulnerability

The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability in WAVLINK WN530HG4 version M30HG4.V5030.191116 allows an unauthenticated attacker to download log files and configuration data...

CVSS 5.3, AI score 5.8, EPSS 0.02176
Exploits: 1, References: 3

NVD
added 2022/06/14 10:15 a.m., 15 views

CVE-2021-30327

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music...

CVSS 7.5, EPSS 0.00167
Exploits: 1, References: 1

CVE
added 2022/06/14 10:10 a.m., 75 views

CVE-2021-30327

CVE-2021-30327 describes a buffer overflow in the Sahara protocol during command processing that overwrites secure configuration data in Qualcomm Snapdragon products. Affected are Snapdragon Mobile, Compute, Auto, IOT, Connectivity, and Voice & Music lines. Root cause: buffer overflow in Sahara p...

CVSS 7.5, AI score 7, EPSS 0.00167
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2022/06/14 12:0 a.m., 5 views

PT-2022-9990 · Qualcomm · Snapdragon Iot +5

Name of the Vulnerable Software and Affected Versions: Snapdragon Mobile: affected versions not specified; Snapdragon Compute: affected versions not specified; Snapdragon Auto: affected versions not specified; Snapdragon IOT: affected versions not specified; Snapdragon Connectivity: affected versions not...

CVSS 7.5, AI score 6.7, EPSS 0.00167
Exploits: 1, References: 3

OSV
added 2022/06/10 4:15 p.m., 4 views

CVE-2022-31769

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219...

CVSS 5.3, AI score 6.1, EPSS 0.01127
Exploits: 0, References: 2

CNVD
added 2022/05/23 12:0 a.m., 33 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)

Cisco Common Services Platform Collector (CSPC) is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collecto...

CVSS 6.1, AI score 2.4, EPSS 0.00685
Exploits: 0, References: 1

CNVD
added 2022/05/20 12:0 a.m., 15 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-50666)

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collector is...

CVSS 6.1, AI score 2.9, EPSS 0.00685
Exploits: 0, References: 1

Cvelist
added 2022/05/17 7:44 p.m., 21 views

CVE-2021-35249 Domain Admin Broken Access Control

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read-only operation). This UAC issue leads to a data leak to...

CVSS 4.3, AI score 4.9, EPSS 0.00644
Exploits: 0, References: 2

CNNVD
added 2022/05/17 12:0 a.m., 3 views

SolarWinds Serv-U FTP Server Access Control Error Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from SolarWinds Corporation, USA. A security vulnerability exists in SolarWinds Serv-U FTP Server 15.3 and prior versions, which stems from the presence of improper access control in the application. An unauthorized...

CVSS 4.3, AI score 5.2, EPSS 0.00644
Exploits: 0, References: 4

OSV
added 2022/05/14 3:37 a.m., 15 views

GHSA-G569-49WG-JX5F Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

CVSS 7.5, AI score 7.4, EPSS 0.02043
Exploits: 0, References: 5

GitHub Security Blog
added 2022/05/14 3:37 a.m., 34 views

Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

CVSS 7.5, AI score 7.2, EPSS 0.02043
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2022/05/14 1:29 a.m., 2 views

GHSA-V49X-8HVM-Q347 Exposure of Sensitive Information in Apache Pluto

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVSS 7.5, AI score 7.2, EPSS 0.43895
Exploits: 5, References: 4

GitHub Security Blog
added 2022/05/14 1:29 a.m., 23 views

Exposure of Sensitive Information in Apache Pluto

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

CVSS 7.5, AI score 3.5, EPSS 0.43895
Exploits: 5, References: 4, Affected Software: 1

NVD
added 2022/05/02 8:15 p.m., 14 views

CVE-2021-41810

Script injection in M-Files Admin versions before 22.2.11051.0 allows executing a stored script in the admin tool. The M-Files Admin tool allows storing configuration data with a script, which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

CVSS 5.2, EPSS 0.00668
Exploits: 0, References: 3

Prion
added 2022/05/02 8:15 p.m., 21 views

Authentication flaw

Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable...

CVSS 3.5, AI score 5.3, EPSS 0.00668
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2022/05/02 7:6 p.m., 82 views

CVE-2021-41810

The CVE-2021-41810 issue affects M-Files Server. An administrative tool can store configuration data that may contain a script, which can be executed by another vault administrator. The vulnerability requires vault admin level authentication and is not remotely exploitable per the primary descrip...

CVSS 5.2, AI score 5.1, EPSS 0.00668
Exploits: 0, References: 3, Affected Software: 1