141 matches found
Nginx Proxy Manager Security Vulnerability
Nginx Proxy Manager is an open-source Docker container used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager version v2.12.3, which stems from an improperly configured CORS and could lead to a...
Versal™ Adaptive SoC – Improper Configuration of the Secure Stream Switch during Post-Boot Cryptographic Operations
AMD ID: AMD-SB-8011. Potential Impact: N/A. Severity: N/A. Summary: In Versal™ Adaptive SoC devices, the Platform Loader and Manager (PLM) implements runtime post-boot software services that allow a remote processor to command the PLM to execute cryptographic operations – including AES, SHA3, RSA, ECD...
CVE-2024-28069
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and...
CVE-2023-30674
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie...
CVE-2021-35070
RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2021-25399
Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege...
CVE-2021-30346
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking...
CVE-2020-0574
Improper configuration in block design for Intel® MAX® 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access...
CVE-2019-5277
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation...
CVE-2024-11917
The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearchxingresponsedatacallback', 'setaccesstokes', and 'googlecallback' functions. This makes it possible for...
Remote Code Execution (RCE)
litellm is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of the 'post_call_rules' configuration, allowing an attacker to specify a system method as a callback, leading to arbitrary command execution...
Credential Disclosure
github.com/writefreely/writefreely is vulnerable to Credential Disclosure. The vulnerability is due to improper configuration management. Specifically, the sensitive information in the config.ini file is not adequately protected, allowing local users to access it and discover credentials when MyS...
XML External Entity (XXE)
Unstructured is vulnerable to XML External Entity (XXE). The vulnerability is due to improper configuration while setting resolve_entities=False for parsing XML with lxml in partition_xml, which allows external entities to be processed...
Cisco NX-OS Permissions, Privileges, and Access Controls (CVE-2015-4234)
Cisco NX-OS 6.02 and 6.22 on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. This plugin only works with Tenable.ot. Please visit...
CVE-2024-52946
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value...
NetworkManager-libreswan security update
1.2.4-2.0.1 - Fix improper escaping of Libreswan configuration CVE-2024-9050 Orabug: 37206712...
Arbitrary Code Execution
org.openrefine:database is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper configuration in the database extension of OpenRefine, specifically the enable_load_extension property that permits loading local or remote extension DLLs...
Cisco IOS XE Software Security Vulnerability
Cisco IOS XE Software is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from...
CVE-2022-48652
In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 "ice: ethtool: Prohibit improper channel config for DCB" already disallow setti...
SSL Spoofing
azure-core is vulnerable to SSL spoofing attacks. The vulnerability is due to improper SSL configuration, which could allow attackers to impersonate domains...