862 matches found

Positive Technologies
added 2022/06/14 12:0 a.m. · 4 views

PT-2022-9990 · Qualcomm · Snapdragon Iot +5

Name of the Vulnerable Software and Affected Versions: Snapdragon Mobile affected versions not specified; Snapdragon Compute affected versions not specified; Snapdragon Auto affected versions not specified; Snapdragon IOT affected versions not specified; Snapdragon Connectivity affected versions not...

7.5 CVSS · 6.7 AI score · 0.00167 EPSS
Exploits 0 · References 3
OSV
added 2022/06/10 4:15 p.m. · 2 views

CVE-2022-31769

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219...

5.3 CVSS · 6.1 AI score · 0.01101 EPSS
Exploits 0 · References 2
CNVD
added 2022/05/23 12:0 a.m. · 32 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)

Cisco Common Services Platform Collector (CSPC) is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collecto...

6.1 CVSS · 2.4 AI score · 0.00685 EPSS
Exploits 0 · References 1
CNVD
added 2022/05/20 12:0 a.m. · 13 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-50666)

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collector is...

6.1 CVSS · 2.9 AI score · 0.00685 EPSS
Exploits 0 · References 1
Cvelist
added 2022/05/17 7:44 p.m. · 20 views

CVE-2021-35249 Domain Admin Broken Access Control

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read-only operation). This UAC issue leads to a data leak to...

4.3 CVSS · 4.9 AI score · 0.00644 EPSS
Exploits 0 · References 2
CNNVD
added 2022/05/17 12:0 a.m. · 3 views

SolarWinds Serv-U FTP Server Access Control Error Vulnerability

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from SolarWinds Corporation, USA. A security vulnerability exists in SolarWinds Serv-U FTP Server 15.3 and prior versions, which stems from the presence of improper access control in the application. An unauthorized...

4.3 CVSS · 5.2 AI score · 0.00644 EPSS
Exploits 0 · References 4
Github Security Blog
added 2022/05/14 3:37 a.m. · 32 views

Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5 CVSS · 7.2 AI score · 0.02043 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/05/14 3:37 a.m. · 15 views

GHSA-G569-49WG-JX5F Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5 CVSS · 7.4 AI score · 0.02043 EPSS
Exploits 0 · References 5
OSV
added 2022/05/14 1:29 a.m. · 2 views

GHSA-V49X-8HVM-Q347 Exposure of Sensitive Information in Apache Pluto

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

7.5 CVSS · 7.2 AI score · 0.43895 EPSS
Exploits 5 · References 4
Github Security Blog
added 2022/05/14 1:29 a.m. · 22 views

Exposure of Sensitive Information in Apache Pluto

The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...

7.5 CVSS · 3.5 AI score · 0.43895 EPSS
Exploits 5 · References 4 · Affected Software 1
NVD
added 2022/05/02 8:15 p.m. · 13 views

CVE-2021-41810

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

5.2 CVSS · 0.00654 EPSS
Exploits 0 · References 3
Prion
added 2022/05/02 8:15 p.m. · 20 views

Authentication flaw

Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable...

3.5 CVSS · 5.3 AI score · 0.00654 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/05/02 7:6 p.m. · 81 views

CVE-2021-41810

The CVE-2021-41810 issue affects M-Files Server. An administrative tool can store configuration data that may contain a script, which can be executed by another vault administrator. The vulnerability requires vault admin level authentication and is not remotely exploitable per the primary descrip...

5.2 CVSS · 5.1 AI score · 0.00654 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2022/05/02 7:6 p.m. · 18 views

CVE-2021-41810 Script injection in M-Files Admin

Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...

5.2 CVSS · 5.7 AI score · 0.00654 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/04/14 12:0 a.m. · 5 views

PT-2022-15288 · Juniper Networks · Juniper Networks Paragon Active Assurance

Name of the Vulnerable Software and Affected Versions: Juniper Networks Paragon Active Assurance version 3.1.0. Description: An issue in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially...

7.5 CVSS · 7.5 AI score · 0.00897 EPSS
Exploits 0 · References 4
NVD
added 2022/04/11 8:15 p.m. · 26 views

CVE-2022-24829

Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api...

9.8 CVSS · 0.01089 EPSS
Exploits 0 · References 2
OSV
added 2022/03/01 7:15 a.m. · 2 views

CVE-2021-35036

A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50ABTL.0b2k could allow an authenticated attacker to obtain sensitive information from the configuration file...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1
Prion
added 2022/02/24 5:15 p.m. · 20 views

Path traversal

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

4 CVSS · 4.9 AI score · 0.00961 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/02/24 5:10 p.m. · 15 views

CVE-2022-22349

IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...

4.3 CVSS · 4.7 AI score · 0.00961 EPSS
Exploits 0 · References 2
OSV
added 2022/02/01 3:15 p.m. · 2 views

CVE-2021-44746

UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can acce...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 1