30 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service...
CVE-2022-33734
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...
CVE-2023-54260 cifs: Fix lost destroy smbd connection when MR allocate failed
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed. If the MR allocate failed, the smb direct connection info is NULL, then smbd_destroy() will directly return, then the connection info will be leaked. Let's set the smb...
EUVD-2007-4583
Malware in sbrugna...
EUVD-2020-0046
Malware in sbrugna...
EUVD-2022-36772
Malicious code in bioql PyPI...
CVE-2025-29992
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy...
CVE-2025-29992
CVE-2025-29992 affects Mahara prior to 24.04.9. When the database becomes unreachable (e.g., temporarily down or overloaded), Mahara may disclose database connection information. The issue is documented across multiple sources (Red Hat, NVD, OpenVAS, CVE lists) with a consistent description: expo...
PT-2025-34771
Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 24.04.9 Description: Mahara versions prior to 24.04.9 expose database connection information when the database is unreachable, such as during temporary downtime or periods of high load. Recommendations: Update to...
Linux Distros Unpatched Vulnerability : CVE-2020-10755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before...
CVE-2021-24164
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connecti...
CVE-2019-0390
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users...
BIT-SUPERSET-2020-13952
In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...
Contract Management System authorization issue vulnerability
Contract Management System is a contract management system. It enables companies to create new contracts and track the status of existing contracts to ensure that employees, vendors, and customers meet defined requirements. A security vulnerability exists in Contract Management System version v2....
Servisnet Tessa MQTT Credential Disclosure
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. require 'metasploit/framework/credential_collection' require 'metasploit/framework/login_scanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...
openstack-cinder: Improper handling of ScaleIO backend credentials
An insecure-credentials flaw was found in openstack-cinder. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the connection_info element in all Block Storage v3 Attachments API calls containing that element...
Design/Logic Flaw
In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...