Lucene search
K

5383 matches found

NVD
NVD
added 2023/07/25 8:15 p.m.15 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

7.5CVSS7.7AI score0.00514EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/07/25 8:15 p.m.6 views

CVE-2022-46902

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...

7.5CVSS7AI score0.00532EPSS
Exploits0References3
NVD
NVD
added 2023/07/25 8:15 p.m.11 views

CVE-2022-46898

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

9.8CVSS9.5AI score0.00683EPSS
Exploits0References2
Prion
Prion
added 2023/07/25 8:15 p.m.24 views

Design/Logic Flaw

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

5CVSS7.7AI score0.00683EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/07/25 8:15 p.m.25 views

Path traversal

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...

5CVSS7.7AI score0.00683EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2023/07/25 8:15 p.m.23 views

Path traversal

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

7.5CVSS9.4AI score0.00683EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2023/07/25 6:4 p.m.29 views

GHSA-4QCV-QF38-5J3J Unintentional leakage of private information via cross-origin websocket session hijacking

Impact Private messages or posts might be leaked to third parties if victim opens the attackers site while browsing nodebb. Patches Patched in v3.1.3 Backported to v2.x line via v2.8.13 Workarounds Users can cherry-pick...

4.7CVSS4.6AI score0.00278EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/07/25 6:4 p.m.32 views

Unintentional leakage of private information via cross-origin websocket session hijacking

Impact Private messages or posts might be leaked to third parties if victim opens the attackers site while browsing nodebb. Patches Patched in v3.1.3 Backported to v2.x line via v2.8.13 Workarounds Users can cherry-pick...

4.7CVSS6.8AI score0.00278EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2023/07/25 12:15 p.m.25 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7CVSS4.5AI score0.00278EPSS
Exploits0References3
OSV
OSV
added 2023/07/25 12:15 p.m.18 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7CVSS6.7AI score
Exploits0References3
Prion
Prion
added 2023/07/25 12:15 p.m.20 views

Cross site scripting

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.3CVSS4.6AI score0.00278EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/07/25 11:13 a.m.2512 views

CVE-2023-2850

CVE-2023-2850 affects NodeBB and is a Cross-Site WebSocket Hijacking vulnerability caused by missing validation of the request origin. The issue can lead to leakage of certain user information. Publicly documented details identify affected NodeBB lines as NodeBB 2.x before 2.8.13 and 3.x before 3...

4.7CVSS4.4AI score0.00278EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/25 11:13 a.m.17 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7CVSS6.4AI score0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/25 11:13 a.m.28 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

4.7CVSS4.8AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.4 views

PT-2023-15102 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that permits the...

9.8CVSS6.8AI score0.00683EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/07/25 12:0 a.m.20 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

7.9AI score0.00514EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.5 views

Vocera Report Server 安全漏洞

Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8 that stems from the fact that the Vocera...

9.8CVSS7.2AI score0.00683EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/07/25 12:0 a.m.18 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

7.1AI score0.00514EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/25 12:0 a.m.25 views

CVE-2022-46902

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the...

8AI score0.00532EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.5 views

PT-2023-21763 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB versions prior to 2.8.13 NodeBB versions prior to 3.1.3 Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. This allows certain user information to be...

4.7CVSS4.4AI score0.00278EPSS
Exploits0References11
Rows per page
Query Builder