Docker CLI leaks private registry credentials to registry-1.docker.io

Impact A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file typically /.docker/config.json listing a credsStore or credHelpers that could not be executed would result in any provided credentials being sent to...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment O...

jenkins-2-plugins: matrix-project plugin path traversal vulnerability

A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...

CVE-2024-29974

UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “fileupload-cgi” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted...

CVE-2024-29974

UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “fileupload-cgi” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted...

CVE-2024-29974

UNSUPPORTED WHEN ASSIGNED The remote code execution vulnerability in the CGI program “fileupload-cgi” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted...

CVE-2024-5589 Netentsec NS-ASG Application Security Gateway sql injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/configMT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack...

RHEL 7 : cups (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cups: insecure permissions of /var/log/cups allows for symlink attacks CVE-2021-25317 - OpenPrinting CUPS...

RHEL 7 : hesiod (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - hesiod: Use of hard-coded unsafe configuration if configuration file cannot be opened CVE-2016-10152 - Th...

CVE-2024-5587 Casdoor Configuration File app.conf file access

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotel...

CVE-2024-5587 Casdoor Configuration File app.conf file access

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotel...

[SECURITY] Fedora 39 Update: rust-sequoia-policy-config-0.6.0-8.fc39

Configure Sequoia using a configuration file...

GHSA-V35G-4RRW-H4FW Symfony Cross-Site Request Forgery vulnerability in the Web Profiler

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

CVE-2024-25738

A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...

NASA AIT-Core 安全漏洞

NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version v2.5.2, which stems from a vulnerability that allows an attacker to execute arbitrary commands via a crafted YAML file...

CVE-2024-36081

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

CVE-2024-36081

Westermo EDW-100 serial-to-Ethernet converter is affected by CVE-2024-36081. An unauthenticated GET request can download the device configuration, exposing cleartext usernames and passwords. Impact is rated CVSS v3.1 9.8 (CRITICAL) with network access, no user interaction. Affected firmware up to...

CVE-2024-36081

Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network...

OESA-2024-1590 sane-backends security update

SANE Scanner Access Now Easy is a sane and simple interface to both local and networked scanners and other image acquisition devices like digital still and video cameras. Security Fixes: An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the...

EulerOS Virtualization 3.0.6.0 : python-configobj (EulerOS-SA-2024-1699)

According to the versions of the python-configobj packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - All versions of the package configobj are vulnerable to Regular Expression Denial of Service ReDoS via the validate...