Lucene search
K

84 matches found

PyPA
PyPA
added 2022/03/11 12:15 a.m.7 views

PYSEC-2022-43135

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS7.3AI score0.01035EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.21 views

FreeTAKServer 访问控制错误漏洞

FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTAKServer suffers from an access control error vulnerability, which stems from the fact that Endpoint/ManageRoute/postRoute can be accessed without authentication, and can be...

7.5CVSS5.7AI score0.01019EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.4 views

FreeTAKServer 信任管理问题漏洞

FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTakServer suffers from a trust management issue vulnerability that stems from the fact that the Flask Secrets Key has three relevant locations that are hard-coded, which can be...

8.8CVSS5.7AI score0.01035EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.5 views

FreeTAKServer-UI 安全漏洞

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team.FreeTAKServer-UI has a security vulnerability that could be exploited by an attacker to place arbitrary files anywhere on the system...

6.5CVSS5.8AI score0.00719EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.7 views

FreeTAKServer-UI 信息泄露漏洞

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam.FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the javascript source code, which can be exploited by an attacker to cause a...

7.5CVSS5.3AI score0.01073EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/03/10 11:35 p.m.16 views

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.7AI score0.01073EPSS
Exploits1References1
CVE
CVE
added 2022/03/10 11:35 p.m.131 views

CVE-2022-25512

CVE-2022-25512 affects FreeTAKServer-UI v1.9.8. The root cause described in connected documents is that the WebUI leaks sensitive tokens (API and Websocket) in the JavaScript source, enabling information disclosure. The CVSS data from NVD indicates a high confidentiality impact (C:H) with network...

7.5CVSS7.4AI score0.01073EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/03/10 11:35 p.m.23 views

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS6.9AI score0.01073EPSS
Exploits1References3
CVE
CVE
added 2022/03/10 11:35 p.m.125 views

CVE-2022-25511

FreeTAKServer-UI v1.9.8 contains a path traversal vulnerability in the ?filename= parameter of the /DataPackageTable route that can allow attackers to place arbitrary files on the system. This is documented across multiple sources (CVE-2022-25511 and related advisories). The exact root cause is n...

6.5CVSS6.3AI score0.00719EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/10 11:35 p.m.23 views

CVE-2022-25511

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.7AI score0.00719EPSS
Exploits1References1
CVE
CVE
added 2022/03/10 11:35 p.m.123 views

CVE-2022-25510

The CVE-2022-25510 issue affects FreeTAKServer 1.9.8, where a hardcoded Flask secret key enables attackers to craft cookies to bypass authentication or escalate privileges. Root cause: the Flask secret key is stored in code/config instead of being externally supplied, compromising session integri...

8.8CVSS8.8AI score0.01035EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/10 11:35 p.m.25 views

CVE-2022-25510

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

9.2AI score0.01035EPSS
Exploits1References1
OSV
OSV
added 2022/03/10 11:35 p.m.12 views

CVE-2022-25511

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS6.8AI score0.00719EPSS
Exploits1References3
OSV
OSV
added 2022/03/10 11:35 p.m.18 views

CVE-2022-25510

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS7.2AI score0.01035EPSS
Exploits1References3
OSV
OSV
added 2022/03/10 11:35 p.m.17 views

CVE-2022-25508

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

7.5CVSS7.5AI score0.01019EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/03/10 11:35 p.m.29 views

CVE-2022-25508

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

7.7AI score0.01019EPSS
Exploits1References1
CVE
CVE
added 2022/03/10 11:35 p.m.114 views

CVE-2022-25508

FreeTAKServer v1.9.8 has an access control vulnerability in the /ManageRoute/postRoute endpoint that allows unauthenticated users to cause a DoS by creating an unusually large number of routes (or unsafe/false routes). The issue is documented across multiple sources (NVD, OSV, CNVD, GHSA/GitHub a...

7.5CVSS7.4AI score0.01019EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/10 11:35 p.m.31 views

CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.5AI score0.00479EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/03/10 11:35 p.m.25 views

CVE-2022-25506

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.9AI score0.00855EPSS
Exploits1References1
OSV
OSV
added 2022/03/10 11:35 p.m.21 views

CVE-2022-25507

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS5.8AI score0.00479EPSS
Exploits1References3
Rows per page
Query Builder