
CVE-2022-43553
https://notcve.org/view.php?id=CVE-2022-43553
05 Dec 2022 — A remote code execution vulnerability in EdgeRouters (Version 2.0.9-hotfix.4 and earlier) allows a malicious actor with an operator account to run arbitrary administrator commands. This vulnerability is fixed in Version 2.0.9-hotfix.5 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-026-026/07697c65-30b3-4c06-a158-35e06534480d • CWE-250: Execution with Unnecessary Privileges

CVE-2022-3824 – WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-3824
06 Nov 2022 — The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/3ca6d724-cd79-4e07-b8d0-a8c1688abf16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-35257
https://notcve.org/view.php?id=CVE-2022-35257
23 Sep 2022 — A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. • https://community.ui.com/releases/Security-Advisory-Bulletin-025-025/7fc92851-054d-46d3-bdb0-fbb8f7023fed • CWE-269: Improper Privilege Management

CVE-2022-22570
https://notcve.org/view.php?id=CVE-2022-22570
01 Apr 2022 — A buffer overflow vulnerability found in the UniFi Door Access Reader Lite's (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later. • https://community.ui.com/releases/Security-Advisory-Bulletin-024-024/22725557-0f72-4f5d-83b0-f16252fcd4b7 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-25512
https://notcve.org/view.php?id=CVE-2022-25512
10 Mar 2022 — FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. • https://github.com/FreeTAKTeam/UI/issues/26 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2022-25510
https://notcve.org/view.php?id=CVE-2022-25510
10 Mar 2022 — FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. • https://github.com/FreeTAKTeam/FreeTakServer/issues/292 • CWE-798: Use of Hard-coded Credentials

CVE-2022-25511
https://notcve.org/view.php?id=CVE-2022-25511
10 Mar 2022 — An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. • https://github.com/FreeTAKTeam/UI/issues/29

CVE-2022-25508
https://notcve.org/view.php?id=CVE-2022-25508
10 Mar 2022 — An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. • https://github.com/FreeTAKTeam/FreeTakServer/issues/291 • CWE-306: Missing Authentication for Critical Function

CVE-2022-25506
https://notcve.org/view.php?id=CVE-2022-25506
10 Mar 2022 — FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. • https://github.com/FreeTAKTeam/UI/issues/27 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-25507
https://notcve.org/view.php?id=CVE-2022-25507
10 Mar 2022 — FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. • https://github.com/FreeTAKTeam/UI/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')