GHSA-8WR4-2WM6-W3PR B2 Command Line Tool TOCTOU application key disclosure

Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...

B2 Command Line Tool TOCTOU application key disclosure

Impact Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race condition. The command line tool saves API keys and bucket...

Time-of-check-time-of-use (TOCTOU)

b2sdk is vulnerable to time-of-check-time-of-use TOCTOU. A local attacker is able to read the contents of the local database file where API keys are saved when using SqliteAccountInfo, resulting in sensitive information disclosure via race condition...

PYSEC-2022-32

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

CVE-2021-40843

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of...

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77587)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which could be exploited by an attacker with privileged credentials to execute arbitrary commands in the loca...

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77589)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...

Siemens SINEC NMS SQL Injection Vulnerability

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this...

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77586)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements in the software. An attacker...

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77592)

SINEC NMS is a network management system from Siemens for monitoring and managing industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which could be exploited by an authenticated attacker to import firmware containers into the affected system...

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77591)

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from a lack of validation and escaping of SQL parameter statements. An attacker could use this...

Siemens SINEC NMS SQL Injection Vulnerability (CNVD-2021-77593)

SINEC NMS is a network management system used by Siemens to monitor and manage industrial networks.A SQL injection vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1, which stems from the lack of validation and escaping of SQL parameter statements. An attacker could use this...

CVE-2021-33735

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33732

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33731

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33732

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33729

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database...

CVE-2021-33735

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...

CVE-2021-33736

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application...