Vmware Spring Framework security vulnerability
Vmware Spring Framework is an open source Java, JavaEE application framework from Vmware, Inc. The framework helps developers build high-quality applications. Vmware Spring Framework has a security vulnerability that can be exploited by attackers to bypass Spring Framework access restrictions...
CVE-2021-24831
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs...
CVE-2021-24831
The CVE-2021-24831 entry concerns the WordPress Tab – Accordion, FAQ plugin prior to version 1.3.2. Affected component: the plugin’s AJAX endpoints; root cause described as all AJAX actions being accessible to both unauthenticated and authenticated users. Impact per sources: unauthenticated attac...
PT-2022-9478 · WordPress · Tab
Name of the Vulnerable Software and Affected Versions: Tab WordPress plugin versions prior to 1.3.2 Description: The issue allows unauthenticated attackers to modify various data in the plugin, such as add, edit, or delete arbitrary tabs, because all AJAX actions of the Tab WordPress plugin are...
CVE-2021-44160
Cardinal Tien Hospital Health Report System’s login page has improper authentication; a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
...
A vulnerability in the nginx.ingress.kubernetes.io/auth-type controller of the Kubernetes ingress-nginx cluster stems from improper external control of a file name. It allows attackers to access, create, modify, or delete data.
A vulnerability in the nginx.ingress.kubernetes.io/auth-type controller of the Kubernetes ingress-nginx cluster is related to errors in processing hypertext links. Exploiting this vulnerability may allow an attacker to create, modify, or delete data...
Allegro Windows security vulnerability
Allegro Windows is an accounting and management solution from the Belgian company Allegro. A security vulnerability exists in Allegro Windows that stems from Allegro Windows embedding software administrator database credentials into a binary file, allowing users to access and modify data using th...
PYSEC-2021-836
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default...
PT-2021-9161 · Insulet · Insulet Omnipod Insulin Management System
Name of the Vulnerable Software and Affected Versions: Insulet Omnipod Insulin Management System versions with product ID 19191 and 40160 Description: The wireless RF communication protocol used by the Insulet Omnipod Insulin Management System does not properly implement authentication or...
Hitachi Energy Retail Operations and CSB Software
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: Retail Operations and Counterparty Settlement and Billing CSB Product Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
CVE-2021-35534
Insufficient security control vulnerability in the internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows an attacker who successfully exploits this vulnerability, since the product does not sufficiently restrict access to an internal databas...
CVE-2021-43551
CVE-2021-43551 affects OSIsoft PI Vision. A remote attacker with write access can inject code into a display (cross‑site scripting), potentially causing information disclosure, modification, or deletion when a victim loads/interacts with the infected display in Internet Explorer. PI Vision prior ...
CVE-2021-35528
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing CSB allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or...
CVE-2021-35528
CVE-2021-35528 — Hitachi Energy Retail Operations/CSB is an improper access control vulnerability (CWE-284) in the application’s authentication/authorization that relies on local session validation, enabling an unauthorized, signed Java Applet JAR to be executed. Affected versions: Hitachi Energy...
CVE-2021-35528 Authentication Bypass Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB)
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing CSB allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or...
PT-2021-6986 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.28 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of the MySQL Server system management database. This can be exploited by a remote attacker to gain...