CVE-2023-47801

An issue was discovered in Click Studios Passwordstate before 9811. Existing users Security Administrators could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password...

CVE-2023-47801

An issue was discovered in Click Studios Passwordstate before 9811. Existing users Security Administrators could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password...

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture. Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities...

GO-2023-2158 Google Sheet API key disclosure in github.com/grafana/google-sheets-datasource

Error messages for the Google Sheets data source plugin were improperly sanitized. The Google Sheet API-key could potentially be exposed...

CVE-2023-46723

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

Code injection

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

CVE-2023-46723 lte-pic32-writer's sendto.txt may disclose URL and the API key

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

CVE-2023-46723

The CVE-2023-46723 issue affects lte-pic32-writer (versions 0.0.1 and earlier). The root cause is that the sendto.txt file can be read by anyone with knowledge of the IMEI, potentially exposing contained SNS URLs and API keys. Documented impact centers on confidentiality (exposure of keys/URLs); ...

CVE-2023-46723 lte-pic32-writer's sendto.txt may disclose URL and the API key

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

CVE-2023-46723 lte-pic32-writer's sendto.txt may disclose URL and the API key

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

OPENSUSE-SU-2023:0334-1 Security update for python-bugzilla

This update for python-bugzilla fixes the following issues: - Fixed potential API Key leak boo1215718...

Security update for python-bugzilla (important)

openSUSE Security Update: Security update for python-bugzilla Announcement ID: openSUSE-SU-2023:0334-1 Rating: important References: 1215718 Affected Products: openSUSE Backports SLE-15-SP5 An update that contains security fixes can now be installed. Description: This update for python-bugzilla...

PT-2023-35515 · Unknown · Python-Bugzilla

Name of the Vulnerable Software and Affected Versions: python-bugzilla affected versions not specified Description: The issue concerns a potential API Key leak. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world...

Information Disclosure

github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially expose the Google Sheet API-key that is configured for the data...

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

GHSA-37X5-QPM8-53RQ Google Sheets data source plugin for Grafana information disclosure vulnerability

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

Google Sheets data source plugin for Grafana information disclosure vulnerability

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

CVE-2023-4457

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...