Gryphon Tower licensing issue vulnerability
Gryphon Tower is a wireless router from Gryphon, Inc. Gryphon Tower is vulnerable to an authorization issue that could be exploited by attackers to make configuration changes to the device...
CVE-2021-20145
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers access to the Gryphon homebound VPN network which exposes the LAN interfaces of other users' devices connected to the same service. An attacker could leverage this to make configuration changes to, o...
Gryphon Tower authorization issue vulnerability
Gryphon Tower is a wireless router from Gryphon, Inc. Gryphon Tower is vulnerable to an authorization issue that could be exploited by attackers to make configuration changes to the device...
CVE-2021-34543
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with...
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
Updated couchdb packages fix security vulnerability
Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. CVE-2021-38295...
CVE-2021-40113
Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol i...
Cisco Catalyst security vulnerability
Cisco Catalyst is a series of switches from Cisco USA. A security vulnerability exists in the Cisco Catalyst Passive Optical Network Series Switches, which is caused by incorrect HTTPS input validation in the web management interface of the Cisco Catalyst PON Series Switches ONT. An attacker coul...
CVE-2021-20120
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
Cross site request forgery (csrf)
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes such as changing the administrative password without the consent of the user...
CVE-2021-38480
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...
Cross site request forgery (csrf)
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...
CVE-2021-38480 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...
Apache CouchDB <= 3.1.1 Privilege Escalation Vulnerability - Linux
Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
CVE-2021-38295
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
Privilege escalation
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
CVE-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
PT-2021-14725 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.314 and earlier Jenkins LTS versions 2.303.1 and earlier Description: The issue arises from Jenkins accepting names of jobs and other entities with a trailing dot character on Windows, potentially allowing users with...
The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, relates to deficiencies in access control. This allows an attacker to gain access to confidential internal services and modify configurations on the vulnerable device.
The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to confidential internal services and modify the configuration on the...