129 matches found
Zulip 安全漏洞
Zulip is a powerful open source group chat application from the Zulip team. It is used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in versions prior to Zulip 1.3.12, which stems from the fact that other users...
The vulnerability of the Display Key Combination Fast Access swhkd implementation in the Wayland display server protocol involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the Display KeyCombination Scanner daemon in the Wayland display server protocol implementation is related to an uncontrolled resource consumption during syntax analysis of files with the -c parameter. Exploiting this vulnerability can allow attackers to cause service failure...
PT-2022-14235 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 10.7 through 14.10.5 GitLab EE versions 15.0 through 15.0.4 GitLab EE versions 15.1 through 15.1.1 Description: The issue concerns incorrect authorization in GitLab EE, allowing an attacker with a valid Deploy Key or Deploy...
CVE-2022-21213
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively...
CVE-2021-32958 Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel
Successful exploitation of this vulnerability on Claroty Secure Remote Access SRA Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface UI. With acces...
PT-2022-13916 · WordPress · All-In-One Wp Migration
Name of the Vulnerable Software and Affected Versions: All-in-One WP Migration plugin for WordPress versions up to, and including, 7.58 Description: The issue arises from insufficient file validation via the /lib/model/class-ai1wm-backups.php file, allowing for arbitrary file deletion via directo...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests execute under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...
CVE-2022-24334
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...
CVE-2022-24334
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...
UBUNTU-CVE-2021-40327
Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner...
PT-2021-21257 · Apache · Apache Ozone
Name of the Vulnerable Software and Affected Versions: Apache Ozone versions prior to 1.2.0 Description: The issue allows authenticated users with permission to the key to retrieve initially generated block tokens from the metadata database. These tokens can be used even after access has been...
CVE-2012-1096
CVE-2012-1096 affects NetworkManager 0.9 and earlier. The flaw allows local users to access other users’ certificates or private keys when establishing a connection via a file path during addition of a new connection. This is a local-attack exposure with a confidentiality impact reported as high ...
CVE-2019-19696
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to...
Xiaomi Mi Home smart platform has information leakage vulnerability
Xiaomi Mijia Intelligent Platform is Xiaomi's open platform for the IoT field, which can realize the interconnection of consumer smart hardware such as smart home devices, smart home appliances, smart wearable devices, smart travel devices and other consumer smart hardware. Xiaomi Mijia intellige...
CVE-2019-1019
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access...
CVE-2018-12038
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key...
June 21, 2018—KB4284842 ( Preview of Monthly Rollup)
June 21, 2018—KB4284842 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4284826 released June 12, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Updates the...
cryptlib Information Disclosure Vulnerability
cryptlib is a general-purpose cryptographic library based on the GnuPG code. A security vulnerability exists in cryptlib. The vulnerability can be exploited by an attacker to obtain a key by accessing a local device or a different virtual machine on the same physical host...
LibreSSL ROHNP Vulnerability
LibreSSL is a fork of the OpenSSL cryptographic software library developed by the OpenBSD project and an open source implementation of the Secure Sockets Layer SSL and Transport Layer Security TLS protocols. A security vulnerability exists in LibreSSL versions prior to 2.6.5 and 2.7.x prior to...
PT-2017-8411 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5 Description: The issue allows local users to obtain the CA key due to a problem in the pulp-qpid-ssl-cfg script. Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...