237 matches found
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that stems from the fact that under certain circumstances, the offline cache of ServiceWorker may leak to the file system when using...
The vulnerability of the Dell GeoDrive local file system, related to an uncontrolled DLL search path, allows a perpetrator to execute arbitrary code.
The vulnerability of the Dell GeoDrive local file system is related to an uncontrolled DLL search path. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the graphical interface of the Dell GeoDrive local file system allows a perpetrator to disclose protected information.
The vulnerability of the Dell GeoDrive local file system’s graphical interface is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Dell GeoDrive local file system’s interface arises due to an incorrect path limitation for the restricted access directory. This allows attackers to gain unauthorized access and perform unauthorized file deletion operations.
The vulnerability of the Dell GeoDrive local file system exists due to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to delete files...
The vulnerability of the Dell GeoDrive local file system interface, related to the unencrypted storage of confidential information, allows an intruder to disclose the protected data.
The vulnerability of the Dell GeoDrive local file system is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow an attacker to disclose the protected information...
CVE-2022-4428
support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...
Privilege escalation
support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...
CVE-2022-4428 support_uri validation missing in WARP client for Windows
support_uri parameter in the WARP client local settings file mdm.xml lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a...
IBM Cognos Analytics Log Injection Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A log injection vulnerability...
IBM Cognos Analytics Server-Side Request Forgery Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A server-side request forgery...
CVE-2022-43883
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266...
Server-side request forgery (SSRF)
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 234180...
PT-2022-27040 · IBM · IBM Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1 Description: The issue allows attackers to perform a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the intern...
IBM Cognos Analytics Injection Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A log injection vulnerability...
The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, allows attackers to escalate their privileges.
The vulnerability of the Windows Resilient File System, a local file system for Windows operating systems, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
CVE-2022-37866 Apache Ivy allows path traversal in the presence of a malicious repository
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characte...
PT-2022-7281 · Apache +1 · Apache Ivy +1
Name of the Vulnerable Software and Affected Versions: Apache Ivy versions 2.0.0 through 2.5.1 Description: The issue is related to the incorrect restriction of the directory path name in the Apache Ivy package manager. This can allow a remote attacker to gain unauthorized access to the file...
Cisco TelePresence CE Multiple Vulnerabilities (cisco-sa-roomos-trav-beFvCcyu)
According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software is affected by multiple vulnerabilities: - A vulnerability in Cisco TelePresence CE could allow an authenticated, local attacker to view sensitive information on an affected device. This vulnerability exist...