545 matches found
AZL-34456 CVE-2024-25629 affecting package grpc for versions less than 1.42.0-9
c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...
PT-2024-1920 · C-Ares +9 · C-Ares +9
Name of the Vulnerable Software and Affected Versions: c-ares versions prior to 1.27.0 Description: The issue is related to the ares read line function in the c-ares library, which is used for asynchronous DNS requests. This function parses local configuration files such as /etc/resolv.conf,...
CVE-2023-50772
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...
Artica Pandora FMS Path Traversal Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A path traversal vulnerability exists in Artica Pandora FMS versions 700 through 773, which stems from a path traversal in...
OpenCart 安全漏洞
OpenCart is an open source e-commerce system from the OpenCart team in Hong Kong, China. The system provides product reviews, product ratings, product additions and other modules. OpenCart suffers from an authorization issue vulnerability that arises from allowing a back-end user with...
Server Side Request Forgery (SSRF)
ethyca-fides is vulnerable to Server Side Request Forgery. The vulnerability arises due to application's inability to perform validation against access of internal resources. A specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems...
RockyLinux 9 : libeconf (RLSA-2023:4347)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4347 advisory. libeconf: stack-based buffer overflow in readfile in lib/getfilecontents.c CVE-2023-22652 Tenable has extracted the preceding description block directly...
CVE-2023-42771
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files...
CVE-2023-42771
CVE-2023-42771 affects Furuno ACERA 1320 and ACERA 1310 devices with firmware version 01.26 and earlier, when operating in ST (Standalone) mode. A network-adjacent, unauthenticated attacker can access the product to download configuration and log files, and upload configuration files and/or firmw...
Fedora 37 : libeconf (2023-b4b77f950c)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b4b77f950c advisory. Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079 Tenable has extracted the preceding description block directly from the Fedora security...
PT-2023-29061 · Mcafee · Skyhigh Secure Web Gateway
Name of the Vulnerable Software and Affected Versions: Skyhigh Secure Web Gateway SWG versions 11.x prior to 11.2.14 Skyhigh Secure Web Gateway SWG versions 10.x prior to 10.2.25 Skyhigh Secure Web Gateway SWG versions 12.x prior to 12.2.1 Description: A password management issue in Skyhigh Secur...
Fedora 38 : libeconf (2023-6432bb65ae)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6432bb65ae advisory. Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079 Tenable has extracted the preceding description block directly from the Fedora security...
Password Disclosure
dolphinscheduler-server is vulnerable to Password Disclosure. The vulnerability exists due to improper handling of logs in the process function of LoggerRequestProcessor.java, allowing an attacker to utilize tasks to read config files, which could include the database password...
PT-2023-22655 · Mremoteng · Mremoteng
Name of the Vulnerable Software and Affected Versions: mRemoteNG versions = 1.76.20 mRemoteNG versions = 1.77.3-dev Description: The issue allows attackers to access the contents of configuration files in plain text through a memory dump, thus compromising user credentials when no custom password...
CVE-2023-34128
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Impact In environments where untrusted users have access to the config files e.g. .sqlfluff, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a sandboxed...
UBUNTU-CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
PYSEC-2023-111
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...
CVE-2023-36830
CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...