39 matches found
CVE-2024-6344
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
CVE-2024-6344 ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
CVE-2024-6344 ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attac...
CVE-2024-6344
The CVE-2024-6344 issue affects ZKTeco ZKBio CVSecurity V5000, version 4.1.0, in the Push Configuration Section where modifying the Configuration Name enables cross-site scripting. Attacks are described as remotely initiable. Remediation per sources is to upgrade to ZKBio CVSecurity V6600 6.1.3_R...
ZKTeco ZKBio CVSecurity V5000 Code Injection Vulnerability
ZKTeco ZKBio CVSecurity is a series of biometric solutions from the Chinese company ZKTeco. A code injection vulnerability exists in ZKTeco ZKBio CVSecurity V5000 version 4.1.0, which stems from the manipulation of the parameter Configuration Name can lead to cross-site scripting...
PT-2024-37554 · Zkteco · Zkbio Cvsecurity V5000
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity V5000 version 4.1.0 Description: A problematic issue was found in the Push Configuration Section component. The manipulation of the Configuration Name argument leads to cross-site scripting. It is possible to initiate...
CVE-2024-6006
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launch...
CVE-2024-6006 ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launch...
CVE-2024-6006
CVE-2024-6006 affects ZKTeco ZKBio CVSecurity V5000 4.1.0, specifically the Summer Schedule Handler’s Schedule Name argument. Exploitation allows cross-site scripting and may be triggered remotely; the exploit has been disclosed. The vendor notes ZKBio Security V5000 was withdrawn and recommends ...
CVE-2024-6006 ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launch...
CVE-2024-6005 ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...
CVE-2024-6005 ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be...
Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in Java SE affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are CVE-2019-2989...
Security Bulletin: SAN Volume Controller and Storwize Family systems are affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID:CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...
Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0094)
Summary Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0094 Vulnerability Details Security Bulletin --- Summary --- Apache Struts ParametersInterceptor security bypass. Vulnerability Details --- CVEID: CVE-2014-0094 DESCRIPTION: Apache Strut...
Security Bulletin: Vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family (CVE-2016-0785 CVE-2016-2162)
Summary Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by SAN Volume Controller and Storwize Family in its Service Assistant GUI. Vulnerability Details CVEID: CVE-2016-0785 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code o...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2019-2602)
Summary A vulnerability in the IBM® Runtime Environment Java™ Technology Edition affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The...
Security Bulletin: GUI DOS vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0050)
Summary Security Bulletin: Security Bulletin: GUI DoS vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0050 Vulnerability Details Security Bulletin --- Summary --- GUI interface can be disrupted by exploitation of Apache Tomcat vulnerability Vulnerability Details --- CVEID:...
Security Bulletin: OpenSSL vulnerability in Lenovo SAN Volume Controller and Storwize Family (CVE-2014-0224)
Summary Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0094 Vulnerability Details Security Bulletin --- Summary --- Security vulnerability in OpenSSL Vulnerability Details --- CVEID: CVE-2014-0224 DESCRIPTION : SSL/TLS MITM vulnerability An...
Security Bulletin: Configuring Volume Throttling on Storwize V3500, V3700, V5000 and V7000 (Gen 2) with V7.5.0.0-V7.5.0.2 may cause a loss of access to data
Summary Abstract Changing the volume throttling attribute on a Storwize V3500, V3700, V5000 or V7000 Gen 2 system with V7.5.0.0-V7.5.0.2 may cause node canisters in the system to go offline with a node error 564, requiring manual recovery. Content Vulnerability Details Abstract Changing the volum...