PT-2024-34147 · Scoold · Scoold
Name of the Vulnerable Software and Affected Versions: Scoold versions prior to 1.64.0. Description: A semicolon path injection vulnerability was found on the "/api;/config" endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorized access to sensitive...
Scoold Security Vulnerability
Scoold is an open source team quiz and knowledge sharing platform by Erudika. Scoold suffers from a security vulnerability that stems from a semicolon path injection vulnerability found in the /api;/config endpoint, where by appending a semicolon to a URL, an attacker can bypass authentication an...
PT-2024-29298 · Tropos · Tro600 Series Radios
Name of the Vulnerable Software and Affected Versions: TRO600 series radios, affected versions not specified. Description: The issue concerns the extraction of profile files from TRO600 series radios in both plain-text and encrypted file formats. These profile files contain valuable configuration...
Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 9.8.1.201 and prior versions, which stems from insufficient filtering of...
Cisco UCS Central Security Vulnerability
Cisco UCS Central is a server management software from Cisco USA. The software supports the management of multiple Cisco UCS instances or domains in different locations and environments. Up to 10,000 Cisco UCS servers (blades, racks, and minis) and Cisco HyperFlex systems can be supported using the...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. A security vulnerability exists in...
JetBrains YouTrack Security Vulnerability
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. A security vulnerability exists in...
CVE-2024-42344
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the...
CVE-2024-42344
The CVE-2024-42344 vulnerability affects Siemens SINEMA Remote Connect Client (versions prior to 3.2 SP2). The issue is that the application writes sensitive information into a log file accessible to all legitimate users on the system, potentially exposing other users’ configuration data and impa...
Siemens SINEMA Remote Connect Log Information Disclosure Vulnerability
Siemens SINEMA Remote Connect is a remote management platform from Siemens, Germany. The platform supports efficient and secure remote access to globally distributed machines and ensures secure management of VPN channels between control centers, service engineers and installed equipment. A log...
PT-2024-29881 · Siemens · Sinema Remote Connect Client
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.2 SP2. Description: A vulnerability has been identified where the affected application inserts sensitive information into a log file. This log file is readable by all legitimate users of the...
CVE-2024-39278 Hughes Network Systems Insufficiently Protected Credentials
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...
PT-2024-29989 · Hughes Network Systems +1 · Wl3000 Fusion +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves credentials to access device configuration being transmitted using an unencrypted protocol. This allows read-only access to network...
PT-2024-41039 · Unknown · Knowledge Space
Name of the Vulnerable Software and Affected Versions: Knowledge Space, affected versions not specified. Description: The issue is related to a lack of user permission checks in the Knowledge Space integrated planning platform's application programming interface. This could allow a remote attacker ...
Apache CloudStack Information Disclosure Vulnerability (CNVD-2024-35665)
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An information disclosure vulnerability exists in Apache CloudStack...
FOGProject Security Vulnerability
FOGProject is a free open source network computer cloning and management solution from FOGProject Open Source. It can be used to deploy and manage any desktop operating system. FOGProject has a security vulnerability that stems from a lack of access control on the hostinfo page, which only requir...
CVE-2024-23562
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system...
HCL Domino Security Vulnerability
HCL Technologies HCL Domino is an application software from HCL Technologies, Inc. It provides a platform for application development. A security vulnerability exists in HCL Domino, which arises from the presence of sensitive configuration information leakage that can be exploited by remote,...
CVE-2024-35137
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413...
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.12 - Authenticated (Subscriber+) Information Exposure
Description The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and abov...