Lucene search
K

84 matches found

ATTACKERKB
ATTACKERKB
added 2022/03/11 12:15 a.m.5 views

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS5.3AI score0.01073EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/11 12:15 a.m.2 views

CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS5AI score0.00479EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/11 12:15 a.m.4 views

CVE-2022-25508

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

7.5CVSS5.4AI score0.01019EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/11 12:15 a.m.3 views

CVE-2022-25510

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS5.4AI score0.01035EPSS
Exploits1References2
NVD
NVD
added 2022/03/11 12:15 a.m.19 views

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS0.01073EPSS
Exploits1References1
NVD
NVD
added 2022/03/11 12:15 a.m.28 views

CVE-2022-25508

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

7.5CVSS0.01019EPSS
Exploits1References1
NVD
NVD
added 2022/03/11 12:15 a.m.19 views

CVE-2022-25511

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS0.00719EPSS
Exploits1References1
NVD
NVD
added 2022/03/11 12:15 a.m.29 views

CVE-2022-25506

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.5CVSS0.00855EPSS
Exploits1References1
NVD
NVD
added 2022/03/11 12:15 a.m.37 views

CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS0.00479EPSS
Exploits1References1
NVD
NVD
added 2022/03/11 12:15 a.m.26 views

CVE-2022-25510

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS0.01035EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/03/11 12:15 a.m.3 views

CVE-2022-25511

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS5.6AI score0.00719EPSS
Exploits1References2
Prion
Prion
added 2022/03/11 12:15 a.m.17 views

Hardcoded credentials

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

6.5CVSS8.9AI score0.01035EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/03/11 12:15 a.m.17 views

Cross site scripting

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

3.5CVSS5.3AI score0.00479EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2022/03/11 12:15 a.m.6 views

PYSEC-2022-43135

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS7.3AI score0.01035EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/03/11 12:15 a.m.4 views

PYSEC-2022-43135

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS8.9AI score0.01035EPSS
Exploits1References1
OSV
OSV
added 2022/03/11 12:15 a.m.10 views

PYSEC-2022-43054

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

7.5CVSS6.9AI score0.01019EPSS
Exploits1References3
Prion
Prion
added 2022/03/11 12:15 a.m.16 views

Code injection

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

5CVSS7.4AI score0.01073EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/03/11 12:15 a.m.13 views

Design/Logic Flaw

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

5CVSS7.5AI score0.01019EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/03/11 12:15 a.m.10 views

Sql injection

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

4CVSS6.6AI score0.00855EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/03/11 12:15 a.m.12 views

Information disclosure

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

4CVSS6.4AI score0.00719EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder