2857 matches found
CVE-2024-1575
CVE-2024-1575 affects Zyxel WBE660S, specifically firmware 6.70(ACGG.3) and earlier. The issue is improper privilege management that can let an authenticated user escalate privileges and download configuration files from the device (impacting confidentiality). Reported attack vector is network wi...
CVE-2024-1575
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device...
CUPS < 2.4.9 File Permission Vulnerability
CUPS is prone to a file permission vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openprinting:cups"; if...
c-ares: Out of bounds read in ares__read_line()
A vulnerability was found in c-ares where ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character ...
The vulnerability of the SCADA system “ENTEK,” which stems from the storage of critical information in an open manner, allows an intruder to gain unauthorized access to the protected information.
The vulnerability of the SCADA system “ENTEK” is related to the storage of critical information in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information by intercepting traffic or obtaining configuration...
How to Configure an External SSL Certificate for XenMobile Device Manager 9.0
This article provides information on how to configure an external SSL Certificate for XenMobile Device Manager (XDM). The procedure in this article should be used during new installations or certificate renewals with the same FQDN – new installations that are set up with internal self-signed...
GO-2024-2519 Grafana world readable configuration files in github.com/grafana/grafana
Grafana world readable configuration files in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
CVE-2024-4836
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which date from 10th of January 2014. Higher versio...
CVE-2024-4836
Edito CMS Web services expose a sensitive data leak in versions 3.5–3.25 by allowing unauthenticated download of configuration files. The issue was fixed in releases after January 10, 2014; higher versions were never affected. Remediation: update to a version later than 3.25. No exploitation deta...
Edito CMS Security Vulnerability
Edito CMS is a comprehensive framework from Edito Inc. that can improve the management of websites and portals. A security vulnerability exists in Edito CMS versions 3.25 through 3.5 that stems from allowing unauthenticated users to download configuration files...
Faronics WINSelect Trust Management Issues Vulnerability
Faronics WINSelect is an application from Faronics, Inc. It is used to customize the usage configuration of Windows computers. A security vulnerability previously existed in Faronics WINSelect version 8.30.xx.903, which arose from the use of configuration files encrypted with a static key derived...
Faronics WINSelect Security Breach
Faronics WINSelect is an application from Faronics, Inc. It is used to customize the usage configuration of Windows computers. A security vulnerability previously existed in Faronics WINSelect version 8.30.xx.903, which stemmed from improper privilege management of configuration files...
CAREL Boss-Mini
1. EXECUTIVE SUMMARY: CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: CAREL. Equipment: Boss-Mini. Vulnerability: Path Traversal. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to...
BIT-GITLAB-2024-1736 Uncontrolled Resource Consumption in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration...
SUSE CVE-2024-35235
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
CVE-2024-1736
An issue has been discovered in GitLab CE/EE affecting all versions prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through maliciously crafted configuration...
CVE-2024-1736
Removed by vendor...
PT-2024-4307 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 16.10.7; GitLab CE/EE versions 16.11 prior to 16.11.4; GitLab CE/EE versions 17.0 prior to 17.0.2. Description: A vulnerability in GitLab's CI/CD pipeline editor could allow for denial of service attacks through...
GitLab CE/EE Security Vulnerabilities
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE, which stems from a vulnerability that...