Archer Platform Security Vulnerability
Archer Platform is a modern integrated risk management solution from Archer, Inc. A security vulnerability exists in Archer Platform versions 6.x through 6.11 that stems from an issue with permission restrictions in the REST API. An authenticated, remote malicious user could exploit this...
Use of Cache Containing Sensitive Information
Overview: TGServiceInterface is a production scale tool for BYOND server management. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to active logins being cached, allowing subsequent logins to succeed with any username or password. Remediation...
Open5GS Code Issue Vulnerability
Open5GS is an open source implementation in C of the 5G Core and EPC, the core network of the LTE/NR network. A denial-of-service vulnerability exists in Open5GS version 2.3.6 and earlier, which stems from a null pointer dereference in src/amf/namf-handler.c. The vulnerability is caused by a specially...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data
...
Ericsson CodeChecker Cross-Site Scripting Vulnerability
CodeChecker is an analysis tool, defect database and viewer extension for Clang Static Analyzer and Clang Tidy. A security vulnerability exists in Ericsson CodeChecker before 6.18.0 that allows remote attackers to inject arbitrary web script or HTML via POST JSON data from the /CodeCheckerService...
CVE-2021-20175
Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...
CVE-2021-26614
iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send crafted parameters to the exposed vulnerable web service interface, which invokes an arbitrary shell command...
CVE-2021-26614
The CVE-2021-26614 issue affects the IpTime C200 IP camera, where the ius_get.cgi web service interface is vulnerable. A remote attacker can send crafted parameters to this exposed endpoint, which can invoke arbitrary shell commands, enabling remote code execution. Public references describe the ...
PT-2021-7237
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus versions prior to 11302 Description: The issue is related to the implementation of the REST API interface in Zoho ManageEngine ServiceDesk Plus, specifically concerning weaknesses in the authentication...
The vulnerability in the JSONWS web interface service of the Liferay Portal allows a malicious actor to execute arbitrary code.
The vulnerability of the JSONWS web service interface for accessing corporate applications in the Liferay Portal is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
Red Hat Access Control Error Vulnerability
Red Hat is an operating system from the American company Red Hat, Inc. It provides an open source operating system. A security vulnerability exists in the API documentation URL for Red Hat 3scale, which stems from access without credentials. An attacker could use the vulnerability to view sensiti...
Cisco Adaptive Security Appliances Software Security Vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in the Cisco Adaptive Security Appliance, which is caused by insufficient boundary checking of specific data provided to the web service...
Unspecified vulnerability in GLPI (CNVD-2021-17771)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
UBUNTU-CVE-2021-21326
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is...
PT-2021-14423
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue allows creating tickets for another user with the self-service interface without having delegatee systems enabled. Recommendations: For versions prior to 9.5.4, update to version 9.5.4 to...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2021-21326
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is...
The vulnerability of the REST API interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) relates to insufficient validation of input data, allowing an attacker to overwrite any files in the operating system of the vulnerable device.
The vulnerability of the REST API interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to insufficient validation of input data. Exploiting this vulnerability may allow a malicious actor to remotely overwrite any files in the operating system of the vulnerable device...
Cisco UCS Director and Cisco UCS Director Express for Big Data Path Traversal Vulnerability (CNVD-2020-25350)
Cisco UCS Director and Cisco UCS Director Express for Big Data are both products from Cisco, Inc. Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service (IaaS). A...
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows an attacker to disclose sensitive information.
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager (DCNM) system is related to incorrect restriction of XML external entity references. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...