1388 matches found

OSV
added 2024/02/23 3:15 p.m. · 1 views

DEBIAN-CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

5.5 CVSS · 6.6 AI score · 0.00055 EPSS
Exploits 0 · References 1

OSV
added 2024/02/23 3:15 p.m. · 1 views

ALPINE-CVE-2024-25629

c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

5.5 CVSS · 6.6 AI score · 0.00055 EPSS
Exploits 0 · References 1

Prion
added 2024/02/20 10:15 p.m. · 8 views

Design/Logic Flaw

kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the config.json file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious...

5 CVSS · 6.9 AI score · 0.00207 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/02/20 12:0 a.m. · 2 views

PT-2024-21294 · Unknown · Electroncord

Name of the Vulnerable Software and Affected Versions: ElectronCord affected versions not specified
Description: ElectronCord is a bot management tool for Discord. A commit exposes an account access token in the config.json file. Malicious actors could potentially exploit this to gain unauthorize...

7.5 CVSS · 7 AI score · 0.00207 EPSS
Exploits 0 · References 8

Amazon
added 2024/02/19 12:0 a.m. · 3 views

Medium: graphviz

Issue Overview: buffer overflow via a crafted config6a file
NOTE: Crosses no security boundary, config files are under local control
NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441
NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f...

7.8 CVSS · 6.8 AI score · 0.00043 EPSS
Exploits 1

Amazon
added 2024/02/19 12:0 a.m. · 4 views

Medium: graphviz

Issue Overview: buffer overflow via a crafted config6a file
NOTE: Crosses no security boundary, config files are under local control
NOTE: https://gitlab.com/graphviz/graphviz/-/issues/2441
NOTE: Introduced by: https://gitlab.com/graphviz/graphviz/-/commit/cf95714837f06f684929b54659523c2c9b1fc19f...

7.8 CVSS · 6.9 AI score · 0.00043 EPSS
Exploits 1

Positive Technologies
added 2024/02/16 12:0 a.m. · 2 views

PT-2024-5288 · Zyxel · Zyxel Wbe660S

Name of the Vulnerable Software and Affected Versions: Zyxel WBE660S versions 6.70ACGG.3 and earlier
Description: The issue is related to improper privilege management, which could allow an authenticated user to escalate privileges and download configuration files on a vulnerable device. This is...

6.8 CVSS · 7.7 AI score · 0.00262 EPSS
Exploits 0 · References 7

RedHat Linux
added 2024/02/12 10:38 a.m. · 1 views

jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin

A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log...

7.5 CVSS · 5.7 AI score · 0.0032 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/02/12 10:27 a.m. · 2 views

jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin

A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log...

7.5 CVSS · 5.7 AI score · 0.0032 EPSS
Exploits 0 · References 5

Microsoft CVE
added 2024/02/10 8:0 a.m. · 1 views

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root.

...

7.8 CVSS · 7.2 AI score · 0.00043 EPSS
Exploits 1

Prion
added 2024/02/04 6:15 a.m. · 23 views

Sql injection

A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dniprofe leads to sql injection. Upgrading to version 4.51.0 is able to address this...

7.5 CVSS · 7.8 AI score · 0.00052 EPSS
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2024/02/04 6:0 a.m. · 5 views

CVE-2019-25159 mpedraza2020 Intranet del Monterroso cargos.php sql injection

A vulnerability was found in mpedraza2020 Intranet del Monterroso up to 4.50.0. It has been classified as critical. This affects an unknown part of the file config/cargos.php. The manipulation of the argument dniprofe leads to sql injection. Upgrading to version 4.51.0 is able to address this...

5.5 CVSS · 10 AI score · 0.00052 EPSS
Exploits 0 · References 4

OSV
added 2024/02/02 6:15 a.m. · 3 views

AZL-34237 CVE-2023-46045 affecting package graphviz for versions less than 2.42.4-10

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root...

7.8 CVSS · 7.1 AI score · 0.00043 EPSS
Exploits 1 · References 1

OSV
added 2024/02/02 6:15 a.m. · 1 views

DEBIAN-CVE-2023-46045

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root...

7.8 CVSS · 7.2 AI score · 0.00043 EPSS
Exploits 1 · References 1

OSV
added 2024/02/02 6:15 a.m. · 3 views

AZL-34768 CVE-2023-46045 affecting package graphviz for versions less than 2.42.4-12

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root...

7.8 CVSS · 7 AI score · 0.00043 EPSS
Exploits 1 · References 1

AlpineLinux
added 2024/02/02 12:0 a.m. · 20 views

CVE-2023-46045

Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root...

7.8 CVSS · 7.4 AI score · 0.00043 EPSS
Exploits 1 · References 8

NVD
added 2024/01/29 4:15 p.m. · 10 views

CVE-2024-23827

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8 CVSS · 9.8 AI score · 0.02965 EPSS
Exploits 0 · References 1

Prion
added 2024/01/29 4:15 p.m. · 21 views

Remote code execution

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

7.5 CVSS · 8.1 AI score · 0.02965 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/01/29 12:20 p.m. · 19 views

CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file

In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...

7.8 AI score · 0.00103 EPSS
Exploits 0 · References 2

Prion
added 2024/01/25 3:15 p.m. · 13 views

Design/Logic Flaw

Networker 19.9 and all prior versions contain a plain-text password stored in a temporary config file for the duration of the backup in NMDA MySQL Database backups. A user with low-privilege access to the Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configure...

1.7 CVSS · 6.8 AI score · 0.00058 EPSS
Exploits 0 · References 1 · Affected Software 1