4649 matches found

Cvelist
added 2024/11/17 12:25 p.m. · 29 views

CVE-2023-43091 Gnome-maps: gnome maps is vulnerable to a code injection attack (similar to xss) via its service.json

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code...

CVSS 9.8 · EPSS 0.00389
Exploits: 1 · References: 3

Tenable Nessus
added 2024/11/14 12:00 a.m. · 11 views

Fedora 37 : grafana (2022-a054b2bc7a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-a054b2bc7a advisory. Automatic update for grafana-8.5.6-1.fc37. Changelog Wed Jun 29 2022 Andreas Gerstmayr 8.5.6-1 - update to 8.5.6 tagged upstream community sources,...

CVSS 9.3 · AI score 7.4 · EPSS 0.00963
Exploits: 4 · References: 7

Cvelist
added 2024/11/08 12:00 a.m. · 20 views

CVE-2024-44765

An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...

EPSS 0.0272
Exploits: 1 · References: 2

Tenable Nessus
added 2024/11/08 12:00 a.m. · 19 views

EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2024-2881)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/...

CVSS 5.5 · AI score 7.3 · EPSS 0.00055
Exploits: 0 · References: 2

NVD
added 2024/10/23 6:15 p.m. · 24 views

CVE-2024-9949

Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application...

CVSS 6.1 · EPSS 0.00152
Exploits: 0 · References: 1

Cvelist
added 2024/10/23 5:37 p.m. · 16 views

CVE-2024-9949 Denial of Service in Forescout SecureConnector

Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application...

CVSS 5.8 · EPSS 0.00152
Exploits: 0 · References: 1

Vulnrichment
added 2024/10/23 5:37 p.m. · 8 views

CVE-2024-9949 Denial of Service in Forescout SecureConnector

Denial of Service in Forescout SecureConnector 11.1.02.1019 on Windows allows Unprivileged user to corrupt the configuration file and cause Denial of Service in the application...

CVSS 5.8 · AI score 6.5 · EPSS 0.00152
Exploits: 0 · References: 1

The Hacker News
added 2024/10/18 5:42 a.m. · 35 views

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is track...

CVSS 5.5 · AI score 6.2 · EPSS 0.00044
Exploits: 1

CVE
added 2024/10/17 12:19 p.m. · 60 views

CVE-2023-6729

The CVE-2023-6729 entry concerns Nokia SR OS routers where a low-privilege user with the "access console" can read or replace the router’s configuration and other files on the CF/SD card via SFTP/SCP, bypassing CLI commands. Affected component: SR OS file system access via remote file transfer fo...

CVSS 7.3 · AI score 7.2 · EPSS 0.00048
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/17 12:00 a.m. · 2 views

PT-2024-15062

Name of the Vulnerable Software and Affected Versions: Nokia SR OS routers (affected versions not specified). Description: The issue allows low-privilege authenticated users with "access console" to gain read-write access to the entire file system via SFTP or SCP. This access enables them to read or...

CVSS 7.3 · AI score 6.4 · EPSS 0.00048
Exploits: 0 · References: 8

Vulnrichment
added 2024/10/15 10:27 a.m. · 12 views

CVE-2024-45273 MB connect line/Helmholz: Weak encryption of configuration file

An unauthenticated local attacker can decrypt the device's config file and therefore compromise the device due to a weak implementation of the encryption used...

CVSS 8.4 · AI score 6.9 · EPSS 0.00087
Exploits: 0 · References: 4

CVE
added 2024/10/15 10:27 a.m. · 50 views

CVE-2024-45273

CVE-2024-45273 describes an unauthenticated local attacker who can decrypt the device’s configuration file due to a weak encryption implementation, leading to compromise of confidentiality, integrity, and availability. The vulnerability is triggered locally (attack vector: LOCAL) with low privile...

CVSS 8.4 · AI score 8 · EPSS 0.00087
Exploits: 0 · References: 5 · Affected Software: 1

CNNVD
added 2024/10/15 12:00 a.m. · 2 views

Helmholz REX100 code injection vulnerability

The Helmholz REX100 is a wireless router from Helmholz. A code injection vulnerability exists in Helmholz REX100 versions prior to 2.3.1, which stems from improper input validation and allows an unauthenticated, local attacker to gain administrator privileges by deploying a configuration file...

CVSS 8.4 · AI score 7.3 · EPSS 0.00134
Exploits: 0 · References: 5

Snyk
added 2024/10/14 9:16 p.m. · 4 views

Incorrect Authorization

Overview: opencanary is an OpenCanary daemon. Affected versions of this package are vulnerable to Incorrect Authorization through the configuration file. An attacker can escalate privileges by modifying the configuration file, which is executed by the daemon running as root. Remediation: Upgrade...

CVSS 7.8 · AI score 7.2 · EPSS 0.00217
Exploits: 0 · References: 2

NVD
added 2024/10/14 5:15 p.m. · 12 views

CVE-2024-45741

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" paramete...

CVSS 5.4 · EPSS 0.05296
Exploits: 0 · References: 2

CNNVD
added 2024/10/14 12:00 a.m. · 2 views

OpenCanary security vulnerability

OpenCanary is an open source multi-protocol network honeypot from Thinkst Applied Research. A security vulnerability exists in OpenCanary prior to version 0.9.4 that stems from a configuration file being stored in the unprivileged user directory, but the daemon is executed by root, thus allowing ...

CVSS 7.8 · AI score 6.3 · EPSS 0.00217
Exploits: 0 · References: 4

Positive Technologies
added 2024/10/14 12:00 a.m. · 4 views

PT-2024-7166 · Splunk · Splunk Cloud Platform +2

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.3 and 9.1.6; Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205. Description: A low-privileged user without the "admin" or "power" Splunk roles could create a malicious payload through ...

CVSS 5.5 · AI score 6 · EPSS 0.05296
Exploits: 0 · References: 10

Positive Technologies
added 2024/10/11 12:00 a.m. · 2 views

PT-2024-21042 · H2O +1 · H2O +1

Name of the Vulnerable Software and Affected Versions: h2o versions prior to the version containing commit 123f5e2b65dcdba8f7ef659a00d24bd1249141be. Description: h2o is an HTTP server with support for HTTP/1.x, HTTP/2, and HTTP/3. The configuration directives provided by the headers handler allow...

CVSS 4.3 · AI score 6.8 · EPSS 0.00207
Exploits: 1 · References: 18

AlpineLinux
added 2024/10/02 3:35 p.m. · 2 views

CVE-2024-47805

Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...

CVSS 7.5 · AI score 7.3 · EPSS 0.00242
Exploits: 0 · References: 1

NVD
added 2024/09/27 4:15 p.m. · 19 views

CVE-2024-6983

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...

CVSS 8.8 · EPSS 0.04953
Exploits: 1 · References: 2