2871 matches found
CVE-2021-44476
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files...
CVE-2021-44476
CVE-2021-44476 affects Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, via a sandboxing issue that allows authenticated administrators to read local files on the server, including sensitive configuration files. The connected documents corroborate the same description and lis...
CVE-2021-44476
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files...
Expo Security Vulnerability
Expo is an open source platform from Expo for creating React Native apps, which provides a number of tools and services that make it easier to develop React Native apps. Expo has a security vulnerability. An attacker exploited the vulnerability to take over an account and steal configuration file...
CVE-2023-28124
Improper usage of symmetric encryption in UI Desktop for Windows Version 0.59.1.71 and earlier could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later...
Design/Logic Flaw
Improper usage of symmetric encryption in UI Desktop for Windows Version 0.59.1.71 and earlier could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later...
PT-2023-21582 · Unknown · Ui Desktop
Name of the Vulnerable Software and Affected Versions: UI Desktop for Windows versions 0.59.1.71 and earlier Description: The issue arises from improper usage of symmetric encryption in UI Desktop, potentially allowing users with access to configuration files to decrypt their content. This could...
UI Desktop Encryption Issue Vulnerability
UI Desktop is a desktop management software from the UI community. A security vulnerability exists in UI Desktop versions prior to 0.62.3, which stems from the improper use of symmetric encryption, and can be exploited by an attacker to potentially gain access to configuration files and decrypt...
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring, due to deficiencies in access control, allows unauthorized access by attackers to configuration files.
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to configuration files...
TigerGraph Security Vulnerability
TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in TigerGraph Enterprise Free Edition version 3.x that stems from the ability to read authentication...
PT-2023-17069 · Ge Gas Power · Controlst +1
Name of the Vulnerable Software and Affected Versions: ToolboxST versions prior to 7.10 Description: The issue is related to a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a...
AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...
CVE-2023-1138
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials...
CVE-2023-1138
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials...
CVE-2023-20059
A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...
Design/Logic Flaw
A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...
CVE-2023-20059 Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper...
CVE-2023-20059
Cisco DNA Center information disclosure vulnerability (CVE-2023-20059) arises from RBAC weaknesses in the integration of the Network Plug-and-Play (PnP) agent. An authenticated, remote attacker with low privileges can query an internal API to view sensitive data in clear text, potentially includi...
PT-2023-2505 · Cisco · Cisco Dna Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center affected versions not specified Description: A vulnerability in the implementation of the Cisco Network Plug-and-Play PnP agent could allow an authenticated, remote attacker to view sensitive information in clear text. The...
SUSE-SU-2023:0812-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1674034019.a93ff61 Install copied wicked config as client.xml bsc1205599 - Update to version 0.1.1673279145.e7616bd grafana: - CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to versio...