Lucene search
K

103 matches found

OSV
OSV
added 2023/06/13 9:15 a.m.3 views

CVE-2023-25609

A server-side request forgery SSRF vulnerability CWE-918 in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests...

6.5CVSS5.8AI score0.00378EPSS
Exploits0References1
NVD
NVD
added 2023/02/22 6:15 p.m.23 views

CVE-2022-43873

An authenticated user can exploit a vulnerability in the IBM Spectrum Virtualize 8.2, 8.3, 8.4, and 8.5 GUI to execute code and escalate their privilege on the system. IBM X-Force ID: 239847...

8.8CVSS7.5AI score0.00614EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.3 views

SUSE CVE-2016-5545

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: GUI. Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac...

6.3CVSS6AI score0.01488EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/11/08 12:0 a.m.11 views

CVE-2022-41205

SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application...

5.5CVSS6.4AI score0.00208EPSS
Exploits0References2
OSV
OSV
added 2022/10/10 2:15 p.m.4 views

CVE-2022-26121

An exposure of resource to wrong sphere vulnerability CWE-668 in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via...

5.3CVSS5.8AI score0.00734EPSS
Exploits0References1
OSV
OSV
added 2022/09/08 8:15 a.m.4 views

CVE-2022-35273

OS command injection vulnerability in GUI setting page of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...

8.8CVSS6AI score0.01536EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.6 views

Voipmonitor 授权问题漏洞

VoIPmonitor is an open source network packet sniffer from the VoIPmonitor team. Has a commercial front-end for the SIP RTP RTCP SKINNY SCCP MGCP WebRTC VoIP protocol running on Linux. Voipmonitor suffers from a security vulnerability that stems from an error check in cdr.php, a component of the...

9.8CVSS8.5AI score0.02001EPSS
Exploits1References3
OSV
OSV
added 2021/12/28 11:15 a.m.5 views

CVE-2021-35031

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device...

8CVSS7.5AI score0.00463EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/12/24 12:0 a.m.3 views

The vulnerability of the graphical interface of the Fortinet FortiManager device management software and the Fortinet FortiAnalyzer security event monitoring and analysis software allows a hacker to obtain a list of administrative users from other ADOMs and their configurations.

The vulnerability of the graphical interface of the Fortinet FortiManager device management center and the Fortinet FortiAnalyzer event monitoring and analysis tool is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker, operating remotely,...

4.3CVSS5.5AI score0.00646EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2021/11/24 4:15 p.m.17 views

CVE-2021-20843

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted...

5.4CVSS0.00671EPSS
Exploits0References4
CVE
CVE
added 2021/11/24 8:25 a.m.53 views

CVE-2021-20843

The CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: Cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...

5.4CVSS5.2AI score0.00671EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/02 5:56 p.m.14 views

CVE-2020-12814

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI...

4.1CVSS7.5AI score0.00451EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.5 views

Fortinet FortiOS 信任管理问题漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...

6.5CVSS5.7AI score0.00551EPSS
Exploits0References4
OSV
OSV
added 2021/09/20 5:15 p.m.1 views

CVE-2021-29821

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS6.2AI score0.00522EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.5 views

Fortinet FortiPortal 跨站脚本漏洞

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A cross-site scripting vulnerability exists in the Fortinet FortiPortal GUI due to...

6.1CVSS5.9AI score0.00632EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/12 12:0 a.m.9 views

SAP GUI Input Validation Error Vulnerability

SAP GUI is a German SAP SAP company's application software. graphical user interface for the SAP system. An input validation error vulnerability exists in SAP GUI for Windows versions 7.60 and 7.70. The vulnerability stems from the program redirecting users to a specific malicious website, which...

6.1CVSS6.7AI score0.00618EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/05/10 6:44 p.m.6 views

@cycle-robot-drivers/run (>=0.0.0 <=1.0.27), @wannaby/wanna-model-viewer (>=0.0.1 <=0.0.10) +17 more potentially affected by CVE-2020-7755 via dat.gui (>=0.6.5 <=0.7.7)

dat.gui NPM version =0.6.5, =0.0.0, =0.0.1, =1.0.0, =3.0.0, =0.0.0, =0.0.0, =1.0.0, =0.6.0, =0.1.0, =0.3.2, =2.0.0, =0.0.7, =0.0.0, =0.0.7 and more Source cves: CVE-2020-7755 Source advisory: OSV:GHSA-CHWR-HF3W-C984...

7.5CVSS7.1AI score0.02073EPSS
Exploits1
NCSC
NCSC
added 2021/03/23 12:0 a.m.5 views

Vulnerabilities fixed in Tivoli Netcool/OMNIbus

IBM Tivoli Netcool / OMNIbusGUI is vulnerable to stored cross-site scripting XSS. This security vulnerability CVE-2021-20336 allows users insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially lead to the release of login credentials with...

9.8CVSS8.8AI score0.95922EPSS
Exploits11
CNVD
CNVD
added 2021/03/08 12:0 a.m.4 views

Secomea GateManager Cross-Site Scripting Vulnerability

GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. The vulnerability stems from improper input validation. An attacker can exploit the vulnerability to execute arbitrary javascript code...

7.3CVSS6.5AI score0.00777EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/08 12:0 a.m.7 views

Marvell QConvergeConsole 安全漏洞

Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability exists in the Marvell QConvergeConsole GUI version 5.5.0.74 and...

9CVSS7.3AI score0.00909EPSS
Exploits1References2
Rows per page
Query Builder