144 matches found
CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. The leakage occurs during...
CVE-2024-11165
CVE-2024-11165 describes an information disclosure in the backup configuration flow where the SAS token is not masked in the response, causing plaintext leakage in the yb_backup logs. Affected: YugabyteDB Anywhere versions 2.20.0.0–2.20.6.0, 2.23.0.0–2.23.0.0, and 2024.1.0.0–2024.1.2.0 (per PT-20...
PT-2024-16795 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0; YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0; YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0; YugabyteDB versions prior to D37715. Description: An information disclosur...
CVE-2024-47950
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings...
CVE-2024-47950
CVE-2024-47950 affects JetBrains TeamCity prior to 2024.07.3 and corresponds to a stored XSS vulnerability in the Backup configuration settings. The issue arises from handling backup configuration data, enabling an attacker to inject script that could be stored and later executed in a victim’s br...
CVE-2023-41673
An improper authorization vulnerability CWE-285 in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests...
CVE-2023-39001
A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...
CVE-2023-2638 Rockwell Automation FactoryTalk System Services Vulnerable to a Denial-of-Service Attack
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin...
CVE-2022-46361
An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to...
Authorization
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...
CVE-2023-20016
CVE-2023-20016 affects Cisco UCS Manager Software and Cisco FXOS Software backups/export files. The root issue is a weakness in the backup encryption method using a static key, which could let an unauthenticated attacker with access to a backup decrypt sensitive data stored in full state and conf...