144 matches found

NVD
added 2024/11/13 3:15 p.m. · 20 views

CVE-2024-11165

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...

CVSS 5.7 · EPSS 0.00137
Exploits: 0 · References: 1

OSV
added 2024/11/13 3:15 p.m. · 7 views

CVE-2024-11165

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...

CVSS 5.7 · AI score 6.2
Exploits: 0 · References: 1

CVE
added 2024/11/13 2:19 p.m. · 40 views

CVE-2024-11165

CVE-2024-11165 describes an information disclosure in the backup configuration flow where the SAS token is not masked in the response, causing plaintext leakage in the yb_backup logs. Affected: YugabyteDB Anywhere versions 2.20.0.0–2.20.6.0, 2.23.0.0–2.23.0.0, and 2024.1.0.0–2024.1.2.0 (per PT-20...

CVSS 5.7 · AI score 6.5 · EPSS 0.00137
Exploits: 0 · References: 1

Cvelist
added 2024/11/13 2:19 p.m. · 15 views

CVE-2024-11165

An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the ybbackup log files, exposing the SAS token in plaintext. The leakage occurs during...

CVSS 5.7 · EPSS 0.00137
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/13 12:0 a.m. · 4 views

PT-2024-16795 · Yugabyte · Yugabytedb

Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0; YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0; YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0; YugabyteDB versions prior to D37715. Description: An information disclosur...

CVSS 5.7 · AI score 6.7 · EPSS 0.00137
Exploits: 0 · References: 9

OSV
added 2024/10/08 4:15 p.m. · 3 views

CVE-2024-47950

In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings...

CVSS 5.4 · AI score 5.8 · EPSS 0.01431
Exploits: 0 · References: 1

NVD
added 2024/10/08 4:15 p.m. · 22 views

CVE-2024-47950

In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings...

CVSS 5.4 · EPSS 0.01431
Exploits: 0 · References: 1

Vulnrichment
added 2024/10/08 3:48 p.m. · 15 views

CVE-2024-47950

In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings...

CVSS 3.5 · AI score 6 · EPSS 0.01431
Exploits: 0 · References: 1

CVE
added 2024/10/08 3:48 p.m. · 54 views

CVE-2024-47950

CVE-2024-47950 affects JetBrains TeamCity prior to 2024.07.3 and corresponds to a stored XSS vulnerability in the Backup configuration settings. The issue arises from handling backup configuration data, enabling an attacker to inject script that could be stored and later executed in a victim’s br...

CVSS 5.4 · AI score 3.8 · EPSS 0.01431
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/12/13 7:15 a.m. · 4 views

CVE-2023-41673

An improper authorization vulnerability (CWE-285) in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests...

CVSS 5.4 · AI score 5.8 · EPSS 0.00383
Exploits: 0 · References: 1

NVD
added 2023/08/09 7:15 p.m. · 14 views

CVE-2023-39001

A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

CVSS 9.8 · AI score 9.8 · EPSS 0.02977
Exploits: 1 · References: 2

OSV
added 2023/08/09 7:15 p.m. · 19 views

CVE-2023-39001

A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

CVSS 9.8 · AI score 8.3
Exploits: 0 · References: 2

Prion
added 2023/08/09 7:15 p.m. · 21 views

Command injection

A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

CVSS 7.5 · AI score 9.6 · EPSS 0.02977
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/08/09 12:0 a.m. · 15 views

CVE-2023-39001

A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

AI score 10 · EPSS 0.02977
Exploits: 1 · References: 2

Vulnrichment
added 2023/08/09 12:0 a.m. · 16 views

CVE-2023-39001

A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...

AI score 8.1 · EPSS 0.02977
Exploits: 1 · References: 2

Cvelist
added 2023/06/13 8:25 p.m. · 32 views

CVE-2023-2638 Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...

CVSS 5.9 · AI score 5.8 · EPSS 0.00197
Exploits: 0 · References: 1

Vulnrichment
added 2023/06/13 8:25 p.m. · 13 views

CVE-2023-2638 Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...

CVSS 5.9 · AI score 7 · EPSS 0.00197
Exploits: 0 · References: 1

OSV
added 2023/05/30 5:15 p.m. · 3 views

CVE-2022-46361

An attacker having physical access to WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...

CVSS 6.8 · AI score 5.9 · EPSS 0.00288
Exploits: 0 · References: 1

Prion
added 2023/02/23 8:15 p.m. · 14 views

Authorization

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

CVSS 1.7 · AI score 6.4 · EPSS 0.0011
Exploits: 0 · References: 1 · Affected Software: 2

CVE
added 2023/02/23 12:0 a.m. · 67 views

CVE-2023-20016

CVE-2023-20016 affects Cisco UCS Manager Software and Cisco FXOS Software backups/export files. The root issue is a weakness in the backup encryption method using a static key, which could let an unauthenticated attacker with access to a backup decrypt sensitive data stored in full state and conf...

CVSS 6.5 · AI score 6.3 · EPSS 0.0011
Exploits: 0 · References: 1 · Affected Software: 2