8 matches found
UBUNTU-CVE-2023-5226
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor can bypass prohibited branch checks using a specially crafted branch name to...
Fan_Platform path traversal vulnerability
FanPlatform is a UI interface automation platform backend for Caoyongqi912 personal developers. 2021-04-20 and earlier versions of FanPlatform are vulnerable to a path traversal vulnerability, which stems from the failure of Flask's sendfile function to properly filter special elements in resourc...
OS Command Injection in GenieACS
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
GHSA-2877-693Q-PJ33 OS Command Injection in GenieACS
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check...
CVE-2021-46704
CVE-2021-46704 – GenieACS: In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument in lib/ui/api.ts and lib/ping.ts. The root cause is insufficient input validation combined with a missing authorization check. This can...
CVE-2021-29670
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
Authentication flaw
Tenda AC18 Router through V15.03.05.05EN and through V15.03.05.196318 CN devices could allow remote code execution due to incorrect authentication handling in the vulnerable logincheck function in the /usr/lib/lua/ngxauthserver/ngxwdas.lua file if the administrator UI Interface is set to "radius"...