Page 8 of 91 results (0.005 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. Se ha detectado que FreeTAKServer-UI versión v1.9.8, contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenado por medio del parámetro Callsign • https://github.com/FreeTAKTeam/UI/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. Se presenta una vulnerabilidad de inyección en una biblioteca de terceros usada en UniFi Network versiones 6.5.53 y anteriores (Log4J CVE-2021-44228) que permite a un actor malicioso controlar la aplicación • https://community.ui.com/releases/Security-Advisory-Bulletin-023-023/808a1db0-5f8e-4b91-9097-9822f3f90207 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. Una vulnerabilidad encontrada en el firmware de UniFi Switch versión 5.43.35 y anteriores, permite a un actor malicioso que ya ha obtenido acceso a la red llevar a cabo un ataque de denegación de servicio (DoS) en el switch afectado. Esta vulnerabilidad se ha corregido en el firmware de UniFi Switch versiones 5.76.6 y posteriores • https://community.ui.com/releases/Security-Advisory-Bulletin-022-022/cd83c01b-33e4-454a-b3b9-1c3ccebea7cb • CWE-400: Uncontrolled Resource Consumption •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. Una vulnerabilidad de intercambio de recursos entre orígenes (CORS) encontrada en la aplicación UniFi Protect versión 1.19.2 y anteriores, permite que un actor malicioso que haya convencido a un usuario con privilegios de acceder a una URL con código malicioso se haga con la cuenta de dicho usuario. Esta vulnerabilidad se ha corregido en la aplicación UniFi Protect versión 1.20.0 y posteriores • https://community.ui.com/releases/Security-Advisory-Bulletin-021-021/62bd8841-6603-4fee-9dba-73037148f173 • CWE-16: Configuration •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. Una vulnerabilidad encontrada en la aplicación UniFi Talk versiones V1.12.3 y anteriores, permiten a un actor malicioso que ya ha conseguido acceso a una red controlar posteriormente el dispositivo o dispositivos Talk asignados a dicha red si aún no han sido adoptados. Esta vulnerabilidad se ha corregido en la aplicación UniFi Talk versiones V1.12.5 y posteriores • https://community.ui.com/releases/Security-Advisory-Bulletin-020-020/8ce6a7e6-0cce-4814-8bbe-ee812cb94b1a • CWE-94: Improper Control of Generation of Code ('Code Injection') •