19 matches found
PYSEC-2026-147
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
Gogs 安全漏洞
Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Prior to Gogs version 0.14.2, there was a security vulnerability. This...
CVE-2024-45591 XWiki Platform document history including authors of any page exposed to unauthorized actors
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification both username...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from a REST API that exposes the history of any page in XWiki whose name is known to an attacker, leading to information disclosu...
JFrog 安全漏洞
JFrog is an application from JFrog, Inc. that provides an end-to-end pipeline to control the flow of binaries from build to production. A security vulnerability exists in JFrog. An attacker exploiting this vulnerability could disclose any user's terminal server command history...
LinkedIn: Campaign Account Balance and History Disclosed in API Response
During the security assessment of the application, it has been observed that server-side authorization checks are not implemented on the 'GET /campaign-manager-api/campaignManagerAccounts/:campaignId/accountCredits?q=account' HTTP request. As a result, an attacker can fetch the campaign wallet...
CVE-2021-30884
The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history...
CVE-2019-8769
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history...
Debian DSA-4558-1 : webkit2gtk - security update
Several vulnerabilities have been discovered in the webkit2gtk web engine : - CVE-2019-8625 Sergei Glazunov discovered that maliciously crafted web content may lead to universal cross site scripting. - CVE-2019-8720 Wen Xu discovered that maliciously crafted web content may lead to arbitrary code...
Apple macOS Catalina WebKit Component Logic Flaw Vulnerability
Apple macOS Catalina is a proprietary operating system developed by Apple for Mac computers.WebKit is one of the components of the Web browser engine. A security vulnerability exists in the drawing of Web page elements in the WebKit component of Apple macOS Catalina prior to version 10.15. The...
TomTom: Exposed Git Repo at http://betaforum.tomtom.com/.git/{subfolders}
Dear Security team, I found a git repository on http://betaforum.tomtom.com/.git. This endpoint allows an attacker to retrieve much of the source code and git history for this service which could potentially reveal sensitive information, it all depends what is stored there. Example: 1...
Apple iTunes < 12.3.2 Multiple Vulnerabilities (uncredentialed check)
The version of Apple iTunes running on the remote Windows host is prior to 12.3.2. It is, therefore, affected by multiple vulnerabilities in the WebKit component : - Multiple memory corruption issues exists that an attacker can exploit to cause a denial of service or execute arbitrary code...
Scientific Linux Security Update : subversion on SL7.x x86_64 (20150908)
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...
subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
It was found that when an SVN server both svnserve and httpd with the moddavsvn module searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable for example, if it had been moved...
Moderate: Red Hat Security Advisory: subversion security update
Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150817)
An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...
Apple iOS Safari History Disclosure Vulnerability (CNVD-2015-02331)
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS Safari fails to properly clear recently closed tabs when clearing history, allowing attackers to exploit the vulnerability to obtain sensitive information...
Mozilla Firefox Multiple Vulnerabilities Nov-09 (Windows)
This host is installed with Mozilla Firefox browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnnov09win.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Multiple Vulnerabilities Nov-09 Windows Authors: Sharath S Copyright: Copyright c 2009...
Opera 7.0 - Error Message History Disclosure
source: https://www.securityfocus.com/bid/6759/info It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. This issue is further exacerbated by the fact that error message...