4564 matches found
IBM Spectrum Protect Operations Center Security Vulnerability
IBM Spectrum Protect Operations Center is software from IBM (USA) that provides visual control for the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center versions 8.1.0.000 through 8.1.14 contain an information disclosure vulnerability that can be exploited by an...
PT-2022-15466 · Ibm · Ibm Spectrum Protect Server +1
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14 Description: A remote attacker could perform a brute force attack by making unlimited attempts to login to the storage agent without locking the administrative ID. This could allow...
curl Security Vulnerability
curl is a tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.69.0 through 7.83.1, which stems from the fact that curl can accidentally inflate the permissions of a target file during a rename operation...
Zulip Security Vulnerability
Zulip is a powerful open source group chat application from the Zulip team. It combines the immediacy of real-time chat with the productivity benefits of threaded conversations. A logic error vulnerability exists in Zulip versions 2.1.0 through 5.2, which originates when the server incorrectl...
CVE-2022-23056
In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack...
Directus Code Issue Vulnerability
Directus is a real-time API and application dashboard used to manage SQL database content. A code issue vulnerability exists in Directus versions v9.0.0-beta.2 through 9.6.0, which stems from a server-side request forgery (SSRF) vulnerability in the media upload feature. An attacker could us...
PT-2022-15837 · Unknown · Openlibrary
Name of the Vulnerable Software and Affected Versions: openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 Description: The issue is related to Reflected XSS. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
habitica Input Validation Error Vulnerability
habitica is an open-source habit-forming program from HabitRPG (USA). An input validation error vulnerability exists in habitica versions v4.119.0 through v4.232.2. An attacker can exploit this vulnerability to perform open redirects via the login page...
ERPNext Security Vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext (India). A security vulnerability exists in ERPNext versions v11.0.0-beta through v13.0.2, which stems from a lack of authorization in the chat room functionality, and can be exploited by an attacker to send a...
Recipes Cross-Site Scripting Vulnerability
Recipes is an app for managing recipes, planning meals, creating shopping lists, and more. A cross-site scripting vulnerability exists in Recipes versions 0.17.0 through 1.2.5, which stems from stored cross-site scripting (XSS) in the "Name" field of the Keywords, Foods, and Uni...
org.apache.nifi:nifi-bootstrap (>=1.14.0 <=1.15.3), org.apache.nifi:nifi-single-user-iaa-providers (>=1.14.0 <=1.15.3) +2 more potentially affected by CVE-2022-26850 via org.apache.nifi:nifi-single-user-utils (>=1.14.0 <=1.15.3)
org.apache.nifi:nifi-single-user-utils MAVEN version =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.3 Source cves: CVE-2022-26850 Source advisory: OSV:GHSA-RVP4-R3G6-8HXQ...
CVE-2022-23071
In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF) in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information...
abd-clam (>=0.10.0-dev0 <=0.12.1), adbc_core (=0.14.0) +286 more potentially affected by unknown CVE via arrow (>=0.16.0 <=5.5.0)
arrow CARGO version =0.16.0, =0.10.0-dev0, =0.6.0, =0.6.0, =0.2.0, =0.4.0, =0.3.0, =0.2.0, =2.0.0, =0.2.0, =0.1.0, =0.2.0 - arrow-graph-core =0.1.0 - arrow-graph-git =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-R7CJ-WMWV-HFW5...
aiidalab-widgets-base (>=1.3.4 <=2.0.0a1), appyter (>=0.18.3 <=0.18.11) +53 more potentially affected by CVE-2022-29241 via jupyter-server (>=0.0.5 <=1.17.0)
jupyter-server PYPI version =0.0.5, =1.3.4, =0.18.3, =0.0.0, =0.1.0rc1, =0.0.1.post7, =0.1.2, =1.2.0, =0.0.0, =0.0.1.dev7, =0.1.7, =0.1.1.10, =0.1.6.2, =0.3.0, =0.6.0 and more Source cves: CVE-2022-29241 Source advisory: OSV:GHSA-Q874-G24W-4Q9G...
CVE-2021-41418
AriaNg v0.1.0 through v1.2.2 is affected by an incorrect access control vulnerability through not authenticating visitors' access rights...
ABB Drive Composer Link Following Vulnerability
ABB Drive Composer is a 32-bit Windows application from ABB (Switzerland). It is used to commission and maintain ABB Common Architecture drives. A security vulnerability exists in ABB Drive Composer that allows a low-privileged attacker to create and write files...
PT-2022-11394 · Ariang · Ariang
Name of the Vulnerable Software and Affected Versions: AriaNg versions 0.1.0 through 1.2.2 Description: The issue is related to incorrect access control, where the system fails to authenticate visitors' access rights, potentially allowing unauthorized access. Recommendations: For versions 0.1.0...
CVE-2022-32193
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor...
CVE-2022-30611
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page whic...
IBM Spectrum Copy Data Management Cross-Site Request Forgery Vulnerability
IBM Spectrum Copy Data Management, an IBM product that modernizes, simplifies and automates data center copy management processes, is vulnerable to cross-site request forgery in versions 2.2.0.0 through 2.2.15.0. An attacker could exploit the vulnerability to...