21 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-12564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service...
CVE-2024-12564
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things...
CVE-2024-12564
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things...
CVE-2024-12564
creationtimestamp| type| source ---|---|--- 2024-12-12 07:47:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113638746073551647 2024-12-12 09:39:00+00:00| seen| https://t.me/cvedetector/12753...
CVE-2024-12564
CVE-2024-12564 affects Open Design Alliance CDE inWEB SDK prior to 2025.3. The vulnerability arises from default CDE Server settings that allow unauthorized users to access the Prometheus metrics page, exposing information about the target application. Impact is described as exposure of sensitive...
Oracle Linux 8 : kubernetes (ELSA-2023-12564)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12564 advisory. - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - CVE-2023-27496 - CVE-2023-27488 - CVE-2023-27493 - CVE-2023-27492 - CVE-2023-27491 -...
SUSE CVE-2017-12564
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service...
CVE-2020-12564
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
CVE-2019-12564
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...
CVE-2019-12564
CVE-2019-12564 affects DouCo DouPHP v1.5 Release 20190516. The issue allows remote attackers to view database backups by brute-forcing filenames data/backup/DyyyymmddThhmmss.sql, leading to partial/backup data exposure. Connected Red Hat and NVD entries corroborate the vulnerability description; ...
Debian: Security Advisory (DLA-1404-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1404-1 : lava-server security update
CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled again. For Debian 8 'Jessie', these problems have been fixed in version...
[SECURITY] [DLA 1404-1] lava-server security update
Package : lava-server Version : 2014.09.1-1+deb8u1 CVE ID : CVE-2018-12564 CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled...
Debian DSA-4234-1 : lava-server - security update
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call. C Tenable Network...
uscutter.com XSS vulnerability
Open Bug Bounty ID: OBB-634144 Description| Value ---|--- Affected Website:| uscutter.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-12564
CVE-2018-12564 affects LAVA (lava-server) where support for URLs in the submit page can be abused to force lava-server-gunicorn to read arbitrary server files readable by lavaserver and containing valid YAML. Impact per the sources is information disclosure (no explicit compromise of integrity/av...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:0130-1)
This update for ImageMagick fixes several issues. These security issues were fixed : - CVE-2018-5246: Fixed memory leak vulnerability in ReadPATTERNImage in coders/pattern.c bsc1074973 - CVE-2017-18022: Fixed memory leak vulnerability in MontageImageCommand in MagickWand/montage.c bsc1074975 -...
SUSE-SU-2018:0132-1 Security update for ImageMagick
This update for ImageMagick fixes several issues. These security issues were fixed: - CVE-2017-12672: Fixed a memory leak vulnerability in the function ReadMATImage in coders/mat.c, which allowed attackers to cause a denial of service bsc1052720. - CVE-2017-13060: Fixed a memory leak vulnerabilit...
CVE-2017-12564
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service...
CVE-2017-12564
CVE-2017-12564 is an ImageMagick memory-leak vulnerability in ReadMATImage (coders/mat.c) that can lead to denial of service. The linked OpenVAS/OSV entries indicate this CVE was addressed in ImageMagick updates (notably SUSE openSUSE/SLE/SLES advisories) with fixes across the MAT handling path, ...