2857 matches found
Ashlar-Vellum Cobalt Security Vulnerability
Ashlar-Vellum Cobalt is a parametric-based computer-aided design and 3D modeling program from Ashlar-Vellum. A security vulnerability exists in versions prior to Ashlar-Vellum Cobalt v12 SP2 Build 1204.200 that stems from a lack of proper validation of user-supplied data when parsing CO files. An...
Rockwell Automation FactoryTalk AssetCentre Security Vulnerability
Rockwell Automation FactoryTalk AssetCentre is an application from Rockwell Automation, Inc. It provides centralized tools for protecting, managing, versioning, tracking, and reporting information about automation-related assets throughout the plant. A security vulnerability exists in Rockwell...
CVE-2025-24814 Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization, are vulnerable to a sort...
Apache Solr Security Vulnerability
Apache Solr is a search server based on Lucene, a full-text search engine from the Apache Foundation (USA). The product supports dimensional search, vertical search, and highlighting of search results. A security vulnerability exists in Apache Solr version 9.7 and earlier versions, which stems from ...
[SECURITY] Fedora 41 Update: containers-common-0.61.1-1.fc41
This package contains common configuration files and documentation for the container tools ecosystem, such as Podman, Buildah and Skopeo. It is required because most of the configuration files and docs come from projects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag ...
Moderate: Red Hat Security Advisory: java-17-openjdk security update for RHEL 8.4
An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this...
The vulnerability in the implementation of the authorization mechanism of the microprogramming software (firmware) of Moxa EDS-508A switches allows an intruder to gain unauthorized access to the device's configuration files.
The vulnerability in the authentication mechanism of the microprogramming software (firmware) of Moxa EDS-508A switches stems from a flaw in the identification/authentication mechanism. Exploiting this vulnerability can allow a remote intruder to gain unauthorized acces...
CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...
The vulnerability in the web interface for managing Zyxel network devices allows a perpetrator to escalate their privileges.
The vulnerability of the web interface for managing Zyxel network devices involves insecure management of privileges. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the level of an administrator and upload configuration files...
OpenVPN Connect Security Vulnerability
OpenVPN Connect is a VPN (Virtual Private Network) client application from OpenVPN (USA). A security vulnerability exists in OpenVPN Connect versions prior to 3.5.0, which stems from the plaintext private key in the configuration file being recorded in the application logs, which can be used by...
CVE-2024-54452
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers authenticated as administrators to trigger the display of unintended files. Any file...
Kurmi Provisioning Suite Security Vulnerability
Kurmi Provisioning Suite is an infrastructure management suite from Kurmi. A security vulnerability exists in Kurmi Provisioning Suite versions prior to 7.9.0.35 and versions 7.10.x through 7.10.0.18. An attacker exploiting this vulnerability could access any file, such as a configuration file...
Gogs allows argument Injection when tagging new releases
Impact: Unprivileged user accounts with at least one SSH key can read arbitrary files on the system. For instance, they could leak the configuration files that could contain database credentials (database) and security secrets (SECRET_KEY). Attackers could also exfiltrate TLS certificates, other users'...
CVE-2024-12798
A flaw was found in Logback. This flaw allows a privileged attacker with write access to modify Logback configuration files or inject a malicious environment variable to execute arbitrary code via the JaninoEventEvaluator extension...
CVE-2024-12801
A Server-Side Request Forgery (SSRF) vulnerability was found in Logback. This flaw allows a local attacker to forge requests by modifying the DOCTYPE declaration of XML configuration files so that it references external DTD files, potentially exposing confidential or restricted data...
QOS.CH logback-core Server-Side Request Forgery vulnerability
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML configuration files...
CVE-2024-12801 SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of the DOCTYPE declaration in XML...
PT-2024-17746 · Logback +2
Name of the Vulnerable Software and Affected Versions: logback versions 0.1 through 1.3.14; logback versions 1.4.0 through 1.5.12. Description: The issue allows an attacker to forge requests by compromising logback configuration files in XML. This is achieved by modifying the DOCTYPE declaration in...
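The Logback entries above (CVE-2024-12801 and its mirrors) all describe the same mechanism: a DOCTYPE declaration in an XML configuration file points the external DTD at an attacker-chosen URL, and a parser that honours it issues the request. The following is an added example written for this page; it is not logback's SaxEventRecorder code or the project's fix. It assumes a JDK whose default SAX parser is the bundled Xerces (the Apache feature URIs used below are standard there), and the configuration text and the host `attacker.invalid` are constructed for the demo. The weak parser shows the outbound request the DOCTYPE would trigger, captured by an EntityResolver instead of sent over the network; the hardened parser rejects the file before any resolution happens. Note the precondition the advisories state: the attacker must already be able to write the configuration file.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class DoctypeSsrfDemo {

    // Constructed sample (not a real logback file): a tampered configuration whose
    // DOCTYPE points the external DTD at an attacker-controlled host. A parser that
    // honours the DOCTYPE fetches that URL before it reads a single element.
    static final String TAMPERED_CONFIG =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
      + "<!DOCTYPE configuration SYSTEM \"http://attacker.invalid/logback.dtd\">\n"
      + "<configuration>\n"
      + "  <appender name=\"STDOUT\" class=\"ch.qos.logback.core.ConsoleAppender\"/>\n"
      + "</configuration>\n";

    /** Records the external entity the parser asks for instead of fetching it. */
    static final class RecordingResolver extends DefaultHandler {
        String requestedSystemId;

        @Override
        public InputSource resolveEntity(String publicId, String systemId) {
            // This callback is the SSRF: the URL was chosen by whoever wrote the config.
            requestedSystemId = systemId;
            // Serve an empty DTD so the demo never touches the network.
            return new InputSource(new StringReader(""));
        }
    }

    /** Default JAXP settings: the DOCTYPE's SYSTEM id is resolved (and would be fetched). */
    static String parseWeak(String xml) throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        XMLReader reader = f.newSAXParser().getXMLReader();
        RecordingResolver handler = new RecordingResolver();
        reader.setEntityResolver(handler);
        reader.setContentHandler(handler);
        reader.parse(new InputSource(new StringReader(xml)));
        return handler.requestedSystemId;
    }

    /** Hardened settings: refuse any DOCTYPE and never load external DTDs or entities. */
    static String parseHardened(String xml) throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        XMLReader reader = f.newSAXParser().getXMLReader();
        RecordingResolver handler = new RecordingResolver();
        reader.setEntityResolver(handler);
        reader.setContentHandler(handler);
        try {
            reader.parse(new InputSource(new StringReader(xml)));
            return "parsed; resolver saw: " + handler.requestedSystemId;
        } catch (SAXParseException e) {
            // disallow-doctype-decl makes the DOCTYPE itself a fatal error, so no
            // resolution is ever attempted.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("weak parser resolved:  " + parseWeak(TAMPERED_CONFIG));
        System.out.println("hardened parser:       " + parseHardened(TAMPERED_CONFIG));
    }
}
```

Disallowing the DOCTYPE outright is the right default for a configuration format that never needs one; if a format legitimately requires a DTD, keep `disallow-doctype-decl` off but leave the three external-loading features disabled and install an EntityResolver that only serves DTDs bundled with the application, never ones named by the file being parsed.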
CVE-2024-49817
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user...