51 matches found
Siemens APE1808 Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-2025-4614)
An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. This plugin only works with Tenable.ot...
CVE-2025-4614
CVE-2025-4614 describes an information-disclosure flaw in Palo Alto Networks PAN-OS software where an authenticated administrator can view other users’ session tokens in the firewall web UI, potentially allowing impersonation of those users. The risk is mitigated if CLI access is restricted to a ...
CVE-2025-4614

| creationtimestamp | type | source |
|---|---|---|
| 2025-10-08 19:03:23+00:00 | seen | https://bsky.app/profile/ripjyr.bsky.social/post/3m2pdfeclcf2b... |

CVE-2013-4614
English/pagesMacUS/wlssetcontent.html on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers shows the Wi-Fi PSK passphrase in cleartext, which allows physically proximate attackers to obtain sensitive information by reading the screen of an unattended...
CVE-2011-4614
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACKPATH parameter...
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2023:4614-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4614-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE...
CVE-2023-4614

| creationtimestamp | type | source |
|---|---|---|
| 2023-09-04 14:16:19+00:00 | seen | https://t.me/cibsecurity/69763... |

CVE-2023-4614
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...
CVE-2023-4614 setThumbnailRC Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /api/installation/setThumbnailRc endpoint. The issue results from the lack of prope...
CVE-2023-4614
LG LED Assistant is affected by CVE-2023-4614 due to a path traversal flaw in the /api/installation/setThumbnailRc endpoint, caused by insufficient validation of a user-supplied path. This unauthenticated vulnerability can be leveraged to access files in the current user context; some sources des...
CVE-2022-4614

| creationtimestamp | type | source |
|---|---|---|
| 2022-12-19 22:23:13+00:00 | seen | https://t.me/cibsecurity/54905... |

CVE-2022-4614
CVE-2022-4614 describes a Stored XSS in the GitHub project alagrede/znote-app, affecting versions prior to 1.7.11. The vulnerability is documented across multiple sources (NVD, Red Hat, CVE List, osv, etc.), all referencing the same flaw and impact. The core issue is an XSS vulnerability introduc...
CVE-2022-4614 Cross-site Scripting (XSS) - Stored in alagrede/znote-app
Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znote-app prior to 1.7.11...
Security Bulletin: IBM DataPower Gateway affected by IBM MQ vulnerability (CVE-2019-4614)
Summary IBM has addressed the following CVE: CVE-2019-4614 Vulnerability Details CVEID: CVE-2019-4614 DESCRIPTION: IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID:...
Ubuntu 18.04 LTS / 20.04 LTS : GDM vulnerability (USN-4614-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4614-1 advisory. Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker ab...
Ubuntu: Security Advisory (USN-4614-1)
The remote host is missing an update for the...
CVE-2020-4614
CVE-2020-4614 affects IBM Data Risk Manager (iDNA) 2.0.6. The issue is weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Remediation is to upgrade to v2.0.6.4 and then apply subsequent fixpacks (2.0.6.5, 2.0.6.6) in order, as detailed in ...
Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by converting an invalid message. (CVE-2019-4614)
Summary An error was found within the IBM MQ data conversion code used by MQ queue managers, and non-Java applications that perform client-side conversion that could cause a denial of service attack when parsing a specially crafted message. Vulnerability Details CVEID: CVE-2019-4614 DESCRIPTION:...