566 matches found
Apache Solr Security Vulnerability
Apache Solr is a search server from the Apache Foundation (United States), based on the Lucene full-text search engine. The product supports level search, vertical search, highlighting of search results and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...
Gematik Referenzvalidator Code Issue Vulnerability
Gematik Referenzvalidator is an open source tool from gematik. It is used for advanced validation of TI applications and Contoso resources for interoperability standards. A code issue exists in Gematik Referenzvalidator that stems from the use of insecure default settings in the Woodstox...
CVE-2024-44096
There is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-44096
CVE-2024-44096 affects Google Pixel devices (Android) and is caused by an insecure default value that enables an arbitrary read, potentially leading to local information disclosure with system execution privileges. Exploitation does not require user interaction. The issue is listed in the Pixel s...
Google Pixel Security Vulnerability
Google Pixel is a smartphone from Google (USA). Google Pixel suffers from a security vulnerability that stems from the inclusion of an insecure default value that could be read arbitrarily...
PT-2024-30947 · Google · Android
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The issue is related to an insecure default value, which could lead to a possible arbitrary read. This might cause local information disclosure with System execution privileges needed. Use...
NewStart CGSL MAIN 6.02 : perl-HTTP-Tiny Multiple Vulnerabilities (NS-SA-2024-0058)
The remote NewStart CGSL host, running version MAIN 6.02, has perl-HTTP-Tiny packages installed that are affected by multiple vulnerabilities: - It was found that perl can load modules from the current directory if not found in the module directories, via the @INC path. A local, authenticated...
CVE-2024-45313 Insecure default setting for Server Pro installed via Overleaf toolkit
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...
PUB-A-342511931
There is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
IBM Data Risk Manager Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Data Risk Manager Arbitrary File Download', 'Description' = %q IBM Data Risk Manager IDRM contains two vulnerabilities that can be chained by...
CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
Google Android elevation of privilege vulnerability (CNVD-2024-37968)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an insecure default value in onForegroundServiceButtonClicked of FooterActionsViewModel.kt. An attacker can exploit this vulnerability to elevate...
CVE-2024-34734
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2024-34734
CVE-2024-34734 describes an Elevation of Privilege in Android related to FooterActionsViewModel.kt (onForegroundServiceButtonClicked): an insecure default value could allow disabling the active VPN from the lockscreen with local impact and no user interaction. The vulnerability is tracked in mult...
Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series
Overview: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070; Active Debug Code (CWE-489) - CVE-2024-36475; OS Command Injection (CWE-78) -...
CVE-2024-31070
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker to access telnet service unlimitedly...
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2024-20056
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185...