
1734 matches found

Github Security Blog
added 2022/03/18 11:18 p.m. · 24 views

Allocation of Resources Without Limits or Throttling in nvflare

Impact: NVIDIA FLARE contains a vulnerability in Admin Interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable. All versions before 2.0.16 are affected. Patches: The patch will be included in nvflare==2.0.1...

7.8 CVSS · 2.3 AI score · 0.00446 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2022/03/17 9:15 p.m. · 6 views

CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable...

7.8 CVSS · 0.00446 EPSS
Exploits 0 · References 1
OSV
added 2022/03/17 9:15 p.m. · 13 views

CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable...

7.5 CVSS · 6.7 AI score
Exploits 0 · References 1
ATTACKERKB
added 2022/03/17 9:15 p.m. · 3 views

CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable...

7.8 CVSS · 7.1 AI score · 0.00446 EPSS
Exploits 0 · References 2
Prion
added 2022/03/17 9:15 p.m. · 16 views

Design/Logic Flaw

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable...

7.8 CVSS · 7.4 AI score · 0.00446 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/03/17 8:30 p.m. · 119 views

CVE-2022-21822

NVIDIA FLARE (NVFlare) admin interface vulnerability (CVE-2022-21822) exposes an unauthenticated network-facing flaw that can enable an attacker to trigger Allocation of Resources Without Limits or Throttling, potentially rendering the system unavailable. Affected: NVFlare/NVFlare Admin Interface...

7.8 CVSS · 7.3 AI score · 0.00446 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/03/17 8:30 p.m. · 10 views

CVE-2022-21822

NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable...

7.5 CVSS · 7.6 AI score · 0.00446 EPSS
Exploits 0 · References 1
OSV
added 2022/03/14 3:15 p.m. · 3 views

CVE-2022-0648

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the orderpos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 1
OSV
added 2022/03/10 5:47 p.m. · 5 views

CVE-2022-25214

Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated...

7.4 CVSS · 7.2 AI score · 0.01248 EPSS
Exploits 1 · References 1
CNNVD
added 2022/03/10 12:0 a.m. · 3 views

Luocms SQL injection vulnerability

Luocms is an article management system. A SQL injection vulnerability exists in Luocms v2.0, which stems from a lack of validation of external input SQL statements in /admin/link/linkmod.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...

9.8 CVSS · 6.1 AI score · 0.00264 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/03/07 12:0 a.m. · 3 views

PT-2022-17153 · Phicomm · K2 Firmware +1

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided. Description: The issue concerns improper access control on certain interfaces, allowing an unauthenticated remote attacker to obtain sensitive information. This includes data about...

7.4 CVSS · 7.6 AI score · 0.01248 EPSS
Exploits 1 · References 2
NVD
added 2022/03/03 2:15 a.m. · 12 views

CVE-2022-24573

A stored cross-site scripting XSS vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...

6.1 CVSS · 0.00392 EPSS
Exploits 0 · References 2
Prion
added 2022/03/03 2:15 a.m. · 20 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...

4.3 CVSS · 5.9 AI score · 0.00392 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/03/03 1:36 a.m. · 95 views

CVE-2022-24573

Element-IT HTTP Commander 7.0.0 is affected by a stored cross-site scripting (XSS) vulnerability in the admin interface. The issue allows unauthenticated attackers to obtain admin access by injecting a malicious script through the User-Agent field. The CVE describes the root cause as a stored XSS...

6.1 CVSS · 5.9 AI score · 0.00392 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/03/03 1:36 a.m. · 15 views

CVE-2022-24573

A stored cross-site scripting XSS vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field...

6.1 AI score · 0.00392 EPSS
Exploits 0 · References 2
CNNVD
added 2022/02/11 12:0 a.m. · 2 views

Apache APISIX security vulnerability

Apache Apisix is a cloud-native microservice API gateway service from the Apache Foundation. The software is based on OpenResty and etcd to realize, with dynamic routing and plug-in hot loading, suitable for microservice system under the API management. A remote code execution vulnerability...

9.8 CVSS · 6.8 AI score · 0.94439 EPSS
Exploits 16 · References 11
OSV
added 2022/02/04 2:15 a.m. · 3 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

7.5 CVSS · 5.8 AI score · 0.00248 EPSS
Exploits 1 · References 1
NVD
added 2022/02/04 2:15 a.m. · 12 views

CVE-2021-45735

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

7.5 CVSS · 0.00248 EPSS
Exploits 1 · References 1
Prion
added 2022/02/04 2:15 a.m. · 14 views

Design/Logic Flaw

TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...

5 CVSS · 7.7 AI score · 0.00248 EPSS
Exploits 1 · References 1 · Affected Software 1
RedHat Linux
added 2022/01/17 9:33 p.m. · 0 views

Keycloak: Incorrect authorization allows unprivileged users to create other users

A flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...

8.8 CVSS · 5.7 AI score · 0.00428 EPSS
Exploits 0 · References 6