545 matches found
PT-2024-39023 · Planet Technology · Planet Technology Switch
Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns the use of an insecure hashing function to hash user passwords without salting. Remote attackers with administrator privileges can read...
PT-2024-10395 · Unknown · Mxview One
Name of the Vulnerable Software and Affected Versions: MXview One affected versions not specified Description: The issue allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure...
Azure CLI Credentials Gatherer
This module will collect the Azure CLI 2.0+ az cli settings files for all users on a given target. These configuration files contain JWT tokens used to authenticate users and other subscription information. Once tokens are stolen from one host, they can be used to impersonate the user from a...
c-ares: Out of bounds read in ares__read_line()
A vulnerability was found in c-ares where the aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...
PT-2024-33090 · Edito Cms · Edito Cms
Name of the Vulnerable Software and Affected Versions: Edito CMS versions 3.5 through 3.25 Description: The issue allows unauthenticated users to download configuration files, leading to sensitive data leakage. The problem was resolved in releases dated from January 10th, 2014. Recommendations: F...
c-ares: Out of bounds read in ares__read_line()
A vulnerability was found in c-ares where the aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...
Server-Side Request Forgery (SSRF)
vufind/vufind is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the /Upgrade/FixConfig route, which allows remote attackers to overwrite local configuration files...
CVE-2024-3182
Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service EMS password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files...
c-ares: Out of bounds read in ares__read_line()
A vulnerability was found in c-ares where the aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...
PT-2024-24227 · Tibco · Tibco Hawk
Name of the Vulnerable Software and Affected Versions: TIBCO Hawk versions 6.2.0 through 6.2.3 Description: The issue allows a user's Enterprise Message Service EMS password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files due to an install-type password disclosure...
Fedora 40 : libeconf (2023-52b5309835)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-52b5309835 advisory. Automatic update for libeconf-0.5.2-1.fc40. Changelog Mon Aug 28 2023 Iker Pedrosa - 0.5.2-1 - Update to 0.5.2 RH1980774 - Fix CVE-2023-22652...
CVE-2024-31587
SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request...
Medium: c-ares
Issue Overview: c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...
Medium: c-ares
Issue Overview: c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files...
CVE-2023-45596
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
AZL-34463 CVE-2024-25629 affecting package python-gevent for versions less than 21.1.2-3
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-34578 CVE-2024-25629 affecting package c-ares for versions less than 1.30.0-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-43501 CVE-2024-25629 affecting package python-pycares 3.1.1-3
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-34462 CVE-2024-25629 affecting package nodejs18 for versions less than 18.20.2-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
AZL-34687 CVE-2024-25629 affecting package fluent-bit for versions less than 3.0.6-1
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...