
1405 matches found

SUSE CVE
added 2023/02/15 4:17 a.m. | 3 views

SUSE CVE-2019-3800

CF CLI version prior to v6.45.0 bosh release version 1.16.0 writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS 7.8 | AI score 6.6 | EPSS 0.00279
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:8 a.m. | 2 views

SUSE CVE-2019-16542

Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS 6.5 | AI score 6.4 | EPSS 0.00047
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 3:40 a.m. | 1 views

SUSE CVE-2021-32802

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

CVSS 9.8 | AI score 9.2 | EPSS 0.02254
Exploits: 0 | References: 8

SUSE CVE
added 2023/02/15 3:25 a.m. | 1 views

SUSE CVE-2022-31213

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

CVSS 6.5 | AI score 9.3 | EPSS 0.0067
Exploits: 3 | References: 4

CNNVD
added 2023/01/31 12:0 a.m. | 1 views

FUJIFILM Driver Distributor Encryption Issue Vulnerability

FUJIFILM Driver Distributor is a driver from FUJIFILM. A security vulnerability exists in FUJIFILM Driver Distributor v2.2.3.1 and earlier versions, which originates from passwords being stored in a recoverable format, and encrypted administrator credentials can be decrypted if an attacker gains...

CVSS 7.5 | AI score 6.7 | EPSS 0.00276
Exploits: 0 | References: 4

CNNVD
added 2023/01/27 12:0 a.m. | 1 views

OpenMage Magento Lts Code Issue Vulnerability

OpenMage Magento Lts Magento is an e-commerce system organized by OpenMage. A code issue vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19, which originates from an administrator who has the right to upload files and create products via DataFlow, and can execute arbitrary code...

CVSS 7.2 | AI score 7.4 | EPSS 0.00992
Exploits: 0 | References: 6

Positive Technologies
added 2023/01/26 12:0 a.m. | 3 views

PT-2023-14124 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020
Description: Several OS command injection vulnerabilities exist in the m2m binary. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network...

CVSS 9.8 | AI score 9.9 | EPSS 0.03845
Exploits: 0 | References: 4

GithubExploit
added 2023/01/24 7:19 p.m. | 632 views

Exploit for Cleartext Storage of Sensitive Information in Keepass

CVE-2023-24055 POC and Scanner for CVE-2023-24055 Use at your...

CVSS 5.5 | AI score 6.1 | EPSS 0.41441
Exploits: 2

Vulnrichment
added 2023/01/22 12:0 a.m. | 14 views

CVE-2023-24055

KeePass through 2.53 in a default installation allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has...

AI score 6.7 | EPSS 0.41441
Exploits: 2 | References: 3

OSV
added 2023/01/17 2:15 a.m. | 1 views

CVE-2022-45439

A pair of spare WiFi credentials is stored in the configuration file of the Zyxel AX7501-B0 firmware prior to V5.17ABPC.3C0 in cleartext. An unauthenticated attacker could use the credentials to access the WLAN service if the configuration file has been retrieved from the device by leveraging...

CVSS 6.5 | AI score 5.7 | EPSS 0.00222
Exploits: 0 | References: 1

Positive Technologies
added 2023/01/10 12:0 a.m. | 2 views

PT-2023-9752 · Mozilla · Convict

Name of the Vulnerable Software and Affected Versions: Mozilla Convict versions prior to 6.2.4
Description: The issue is related to improperly controlled modification of object prototype attributes, also known as "prototype pollution." This allows an attacker to inject attributes that are used in...

CVSS 8.4 | AI score 7.1 | EPSS 0.00121
Exploits: 1 | References: 9

Oracle Linux
added 2022/11/29 12:0 a.m. | 50 views

kubernetes security update

kubernetes
- 1.21.14-3 - Addresses CVE-2022-3294 & CVE-2022-3162
- 1.21.14-2 - Fixed kubernetes-cni version.
- 1.21.14-1 - Addresses CVE-2022-3172
olcne
- 1.4.9-2 - Fix 1.21 kubernetes version to align with last upstream release
- 1.4.9-1 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21...

CVSS 10 | AI score 0.1 | EPSS 0.03414
Exploits: 2

Cvelist
added 2022/11/24 12:0 a.m. | 21 views

CVE-2022-26885 Apache DolphinScheduler config file read by task risk

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

AI score 7.7 | EPSS 0.00659
Exploits: 0 | References: 1

Vulnrichment
added 2022/11/24 12:0 a.m. | 13 views

CVE-2022-26885 Apache DolphinScheduler config file read by task risk

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

AI score 7.5 | EPSS 0.00659
Exploits: 0 | References: 1

BDU FSTEC
added 2022/11/21 12:0 a.m. | 0 views

The vulnerability of the ConfigFileUpload() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the ConfigFileUpload function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7.7 | EPSS 0.00284
Exploits: 0 | References: 6 | Affected Software: 1

Check Point Advisories
added 2022/11/20 12:0 a.m. | 3 views

Jenkins Config File Provider Plugin External Entity Injection (CVE-2021-21642)

An XXE vulnerability exists in Jenkins Config File Provider Plugin. The vulnerability is due to insufficient validation of XML data when utilizing Config File Provider Plugin...

CVSS 5.5 | AI score 3.2 | EPSS 0.00298
Exploits: 0

OSV
added 2022/11/17 10:15 p.m. | 1 views

CVE-2022-44725

OPC Foundation Local Discovery Server LDS through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS running as a high-privilege user...

CVSS 7.8 | AI score 5.8 | EPSS 0.00078
Exploits: 0 | References: 2

Positive Technologies
added 2022/11/17 12:0 a.m. | 5 views

PT-2022-6840 · Opc Foundation · Opc Foundation Local Discovery Server

Name of the Vulnerable Software and Affected Versions: OPC Foundation Local Discovery Server LDS versions 1.04.403.478 and earlier
Description: The issue is related to the incorrect assignment of permissions for a critical resource in the Local Discovery Server LDS of the Siemens software. This...

CVSS 7.8 | AI score 6.6 | EPSS 0.00078
Exploits: 0 | References: 8

CNNVD
added 2022/11/10 12:0 a.m. | 1 views

Powercom UPSMON PRO Security Vulnerability

Powercom UPSMON PRO is a multi-platform client-server software from Powercom that allows remote monitoring and control of UPS via SNMP, HTTP and UDP. A security vulnerability exists in Powercom UPSMON PRO, which is caused by a configuration file that stores user passwords in clear text in the...

CVSS 6.5 | AI score 7.2 | EPSS 0.44278
Exploits: 1 | References: 3

Veracode
added 2022/10/27 4:34 a.m. | 12 views

Arbitrary Code Execution

jupyter_core is vulnerable to arbitrary code execution. The vulnerability exists in the config_file_paths function in application.py which executes untrusted files in the current working directory, allowing one user to run code as another...

CVSS 8.8 | AI score 8.8 | EPSS 0.00372
Exploits: 0 | References: 9 | Affected Software: 2