566 matches found
CVE-2023-35689
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Google Wear OS Security Vulnerability
Google Wear OS is an operating system developed by Google, Inc. in the United States, designed for use in smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from an insecure default value in the checkDebuggingDisallowed...
OESA-2023-1487 perl-HTTP-Tiny security update
This is a very simple HTTP/1.1 client, designed for doing simple requests without the overhead of a large framework like LWP::UserAgent. Security Fixes: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users...
CVE-2023-31486
A vulnerability was found in Tiny, a Perl core module and standalone CPAN package, which does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
CVE-2023-3485 Insecure Default Authorization in Temporal Server
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...
Temporal Server Security Vulnerability
Temporal Server is a microservices orchestration platform from Temporal. A security vulnerability exists in Temporal Server that stems from insecure default settings...
CVE-2023-21219
There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Androi...
Information disclosure
There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Androi...
CVE-2023-21219
CVE-2023-21219 affects the Android kernel (Pixel/Android devices) where an insecure default enables unencrypted transport over cellular networks, potentially allowing remote information disclosure without extra privileges. Exploitation is described as network-based with no user interaction, and t...
CVE-2023-30905
The MC990 X and UV300 RMC component has an inadequate default configuration that could be exploited to obtain enhanced privilege...
Insecure Default Initialization
com.liferay.portal, com.liferay.portal.impl is vulnerable to Insecure Default Initialization. The vulnerability exists because the default configuration does not require users to verify their email addresses. It allows remote attackers to create accounts using fake email addresses or addresses th...
PUB-A-264698379
There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-H79M-5CM2-278C User data exposure in Apache InLong
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...
CVE-2023-31101
CVE-2023-31101 affects Apache InLong 1.5.0–1.6.0 and allows users registered later to see data from deleted users due to insecure default initialization of resources. The vulnerability is categorized as an information disclosure issue; the publicly available fix is to upgrade to InLong 1.7.0 or c...
PT-2023-23156 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.5.0 through 1.6.0 Description: This issue allows users registered in InLong who joined later to see deleted users' data. The problem is related to insecure default initialization of resources. Recommendations: For...
Exploit for Insecure Default Initialization of Resource in Apache Superset
CVE-2023-27524 - Insecure Default Configuration in Apache Sup...