53 matches found
Insecure Default Initialization of Resource
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the default newsletter opt-in settings. An attacker can abuse the system for mass unsolicited newsletter sign-ups without requiring...
CVE-2025-2441
CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could lead to loss of confidentiality when a malicious user, having physical access, sets the radio in factory default mode where the product does not correctly initialize all data...
CVE-2025-29985
Dell Common Event Enabler, versions CEE 9.0.0.0, contains an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent CAVA. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
Insecure Default Initialization of Resource
Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the defaultfilesystemdisk configuration. An attacker can access sensitive data by exploiting the default public storage setting. Remediation Upgrade filament/actions to version 3.2.123 ...
BIT-SOLR-2024-45217 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
CVE-2024-45217
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
CVE-2024-45217 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
CVE-2024-45217
CVE-2024-45217 describes an insecure default initialization of resources in Apache Solr. New ConfigSets created via Restore may be created without the trusted metadata, causing some ConfigSets to be implicitly trusted and potentially able to load custom code into classloaders. The issue affects S...
Apache Solr 安全漏洞
Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...
NewStart CGSL MAIN 6.02 : perl-HTTP-Tiny Multiple Vulnerabilities (NS-SA-2024-0058)
The remote NewStart CGSL host, running version MAIN 6.02, has perl-HTTP-Tiny packages installed that are affected by multiple vulnerabilities: - It was found that perl can load modules from the current directory if not found in the module directories, via the @INC path. A local, authenticated...
Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
Overview FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Initialization of a Resource with an Insecure Default CWE-1188 - CVE-2024-31070 Active Debug Code CWE-489 - CVE-2024-36475 OS Command Injection CWE-78 -...
Exploit for Insecure Default Initialization of Resource in Apache Superset
Badges !MIT Licensehttps://img.shields.io/badge/Licens...
Insecure Default Initialization of Resource
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the Liferay-Portal response header. An attacker can obtain sensitive version information by sending crafted HTTP...
CVE-2023-31486
A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...
Insecure Default Initialization
com.liferay.portal, com.liferay.portal.impl is vulnerable to Insecure Default Initialization. The vulnerability exists because the default configuration does not require users to verify their email addresses. It allows remote attackers to create accounts using fake email addresses or addresses th...
GHSA-H79M-5CM2-278C User data exposure in Apache InLong
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...
CVE-2023-31101
CVE-2023-31101 affects Apache InLong 1.5.0–1.6.0 and allows users registered later to see data from deleted users due to insecure default initialization of resources. The vulnerability is categorized as an information disclosure issue; the publicly available fix is to upgrade to InLong 1.7.0 or c...
PT-2023-23156 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.5.0 through 1.6.0 Description: This issue allows users registered in InLong who joined later to see deleted users' data. The problem is related to insecure default initialization of resources. Recommendations: For...
Juniper Junos OS Vulnerability (JSA70603)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70603 advisory. - An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain...
CVE-2023-28978
An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured...