566 matches found

OSV
added 2025/01/20 3:31 p.m. · 3 views

GHSA-3QC3-MX6X-267H Insecure default config access in WriteFreely

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini...

8.4 CVSS · 8 AI score · 0.00203 EPSS
Exploits: 0 · References: 5

OSV
added 2024/12/23 5:13 p.m. · 3 views

CVE-2024-53275 GHSL-2024-091: DNS rebinding attack in home-gallery

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. I...

5.3 CVSS · 7 AI score · 0.00262 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/10 12:0 a.m. · 4 views

PT-2024-9462 · Microsoft · Windows Remote Desktop Services +1

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Services affected versions not specified Description: The issue is related to a remote code execution problem in Windows Remote Desktop Services. It involves the initialization of an insecure variable by default...

8.1 CVSS · 8 AI score · 0.01058 EPSS
Exploits: 0 · References: 7

ICS
added 2024/11/20 6:33 p.m. · 8 views

Versa Networks Versa Director insecure default PostgreSQL configuration

RISK EVALUATION Versa Networks Versa Director, by default, configures PostgreSQL to listen on all network interfaces using database credentials shared by multiple installations. From Advising Vulnerability In Versa Director: "This combination allows an unauthenticated attacker to access and...

10 CVSS · 7 AI score · 0.00557 EPSS
Exploits: 0 · References: 1

CNNVD
added 2024/11/12 12:0 a.m. · 2 views

AMD Ryzen Master security vulnerability

AMD Ryzen Master is a software tool from UltraMicroelectronics AMD for managing and tuning the performance of AMD Ryzen processors. AMD Ryzen Master has a security vulnerability that stems from incorrect default permissions. An attacker exploiting this vulnerability could achieve elevation of...

7.3 CVSS · 7.6 AI score · 0.00236 EPSS
Exploits: 0 · References: 2

Snyk
added 2024/11/07 6:42 p.m. · 3 views

Insecure Default Initialization of Resource

Overview: Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the default_filesystem_disk configuration. An attacker can access sensitive data by exploiting the default public storage setting. Remediation: Upgrade filament/actions to version 3.2.123 ...

3.4 CVSS · 6.8 AI score · 0.00537 EPSS
Exploits: 0 · References: 2

OSV
added 2024/10/30 8:15 p.m. · 2 views

CVE-2024-48271

D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack...

8.8 CVSS · 5.8 AI score
Exploits: 0 · References: 2

Vulnrichment
added 2024/10/30 12:0 a.m. · 9 views

CVE-2024-48271

D-Link DSL6740C v6.TR069.20211230 was discovered to use insecure default credentials for Administrator access, possibly allowing attackers to bypass authentication and escalate privileges on the device via a bruteforce attack...

7.8 AI score · 0.00889 EPSS
Exploits: 1 · References: 2

CNNVD
added 2024/10/30 12:0 a.m. · 1 views

D-Link DSL6740C security vulnerability

The D-Link DSL6740C is a wireless router developed by D-link. The D-Link DSL6740C suffers from a security vulnerability that stems from the use of an insecure default wifi password, which can be exploited by an attacker to gain unauthorized access to the system...

6.5 CVSS · 7 AI score · 0.00627 EPSS
Exploits: 1 · References: 2

NVD
added 2024/10/25 11:15 a.m. · 17 views

CVE-2024-47016

there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS · 0.00074 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/10/25 10:34 a.m. · 14 views

CVE-2024-47016

there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00074 EPSS
Exploits: 0 · References: 1

CVE
added 2024/10/25 10:34 a.m. · 77 views

CVE-2024-47016

CVE-2024-47016 affects Google Pixel devices in the ACPM component. The vulnerability arises from an insecure default value, enabling local privilege escalation with no additional execution privileges or user interaction required. The impact is described as local escalation to a higher privilege l...

7.8 CVSS · 7.2 AI score · 0.00074 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/10/25 10:34 a.m. · 7 views

CVE-2024-47016

there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.4 AI score · 0.00074 EPSS
Exploits: 0 · References: 1

Cvelist
added 2024/10/25 10:34 a.m. · 17 views

CVE-2024-44099

There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00078 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2024/10/25 10:34 a.m. · 11 views

CVE-2024-44099

There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.6 AI score · 0.00078 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 5 views

PT-2024-32343 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue is related to a possible privilege escalation due to an insecure default value, which could lead to local escalation of privilege with no additional execution privileges neede...

7.8 CVSS · 6.7 AI score · 0.00074 EPSS
Exploits: 0 · References: 3

OSV
added 2024/10/18 7:18 a.m. · 13 views

BIT-SOLR-2024-45217 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...

8.1 CVSS · 8 AI score · 0.00722 EPSS
Exploits: 0 · References: 3

NVD
added 2024/10/16 8:15 a.m. · 11 views

CVE-2024-45217

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...

8.1 CVSS · 0.00722 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2024/10/16 7:51 a.m. · 19 views

CVE-2024-45217 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly

Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...

7.3 AI score · 0.00722 EPSS
Exploits: 0 · References: 1

CVE
added 2024/10/16 7:51 a.m. · 80 views

CVE-2024-45217

CVE-2024-45217 describes an insecure default initialization of resources in Apache Solr. New ConfigSets created via Restore may be created without the trusted metadata, causing some ConfigSets to be implicitly trusted and potentially able to load custom code into classloaders. The issue affects S...

8.1 CVSS · 8.1 AI score · 0.00722 EPSS
Exploits: 0 · References: 2 · Affected Software: 1