Lucene search
+L

118 matches found

NVD
NVD
added 2023/08/08 6:15 p.m.20 views

CVE-2023-36535

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access...

7.1CVSS6.6AI score0.01032EPSS
Exploits0References1
OSV
OSV
added 2023/08/08 6:15 p.m.3 views

CVE-2023-36535

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access...

6.5CVSS5.8AI score0.01032EPSS
Exploits0References1
Prion
Prion
added 2023/08/08 6:15 p.m.21 views

Information disclosure

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access...

3.3CVSS4.8AI score0.00931EPSS
Exploits0References1Affected Software3
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.7 views

Zoom Client Security Vulnerability

Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability previously existed in Zoom Client version 5.14.10, which stemmed from a client-side implementation issue with server-side security...

7.1CVSS6.8AI score0.01032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.4 views

PT-2023-26836 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom versions prior to 5.14.10 Description: The issue is related to client-side enforcement of server-side security in Zoom clients, which may allow a privileged user to enable information disclosure via network access. Recommendations: For...

6.1CVSS4.8AI score0.00931EPSS
Exploits0References5
Prion
Prion
added 2023/06/30 5:15 a.m.19 views

Design/Logic Flaw

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...

5.8CVSS7.5AI score0.00679EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/30 4:1 a.m.21 views

CVE-2023-32612

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege...

7.8AI score0.00679EPSS
Exploits0References2
NVD
NVD
added 2023/05/23 2:15 a.m.20 views

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

5.4CVSS5.7AI score0.00508EPSS
Exploits0References3
Prion
Prion
added 2023/05/23 2:15 a.m.16 views

Design/Logic Flaw

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

4.9CVSS6.6AI score0.00508EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.13 views

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

7.2AI score0.00508EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/09/06 10:19 p.m.8 views

CVE-2022-1525 Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...

9.1CVSS9.4AI score0.00694EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/06 10:19 p.m.25 views

CVE-2022-1525 Cognex 3D-A1000 Dimensioning System Client-Side Enforcement of Server-Side Security

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web access controls by inspecting and modifying the source code of password protected web elements...

9.1CVSS9.5AI score0.00694EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/10/12 4:3 p.m.27 views

Risk of code injection

Impact Some routes use eval or Function constructor, which may be injected by the target site with unsafe code, causing server-side security issues Patches Temporarily removed the problematic route and added a no-new-func rule to eslint Self-built users should upgrade to 7f1c430 and later as soon...

9.8CVSS0.5AI score0.01572EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/01/26 9:15 p.m.23 views

CVE-2021-21278

RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 non-semantic versioning there is a risk of code injection. Some routes use eval or Function constructor, which may be injected by the target site with unsafe code, causing server-side securi...

9.8CVSS9.3AI score0.01572EPSS
Exploits0References3
NVD
NVD
added 2017/11/22 8:29 a.m.16 views

CVE-2017-8864

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if !passwordsAreEqual" test...

10CVSS9.5AI score0.02331EPSS
Exploits0References1
Prion
Prion
added 2017/10/17 10:29 p.m.14 views

Design/Logic Flaw

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or...

6.8CVSS6.2AI score0.00934EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/10/17 10:0 p.m.21 views

CVE-2017-14013

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or...

5.5AI score0.00934EPSS
Exploits0References2
CVE
CVE
added 2017/10/17 10:0 p.m.47 views

CVE-2017-14013

The CVE-2017-14013 issue is confirmed in ProMinent MultiFLEX M10a Controller web interface, where the logout function removes the user’s session only on the client side (Client-Side Enforcement of Server-Side Security). This allows potential bypass of protection mechanisms and identity impersonat...

6.8CVSS5.5AI score0.00934EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder