Lucene search
K

304 matches found

AlpineLinux
AlpineLinux
added 2021/07/23 9:50 p.m.5 views

CVE-2021-32783

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...

8.5CVSS8.3AI score0.01151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/07/23 12:0 a.m.4 views

PT-2021-19929 · Contour +1 · Contour +1

Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...

8.5CVSS7.1AI score0.01151EPSS
Exploits0References14
CVE
CVE
added 2021/03/26 9:40 p.m.234 views

CVE-2021-21396

The CVE-2021-21396 entry concerns wire-server, the backend for Wire. Affected version window is 2021-02-16 through 2021-03-02, where the GET /users/list-clients endpoint exposed client metadata for all users. Any logged-in user could request details of other users (no connection requirement) by g...

6.5CVSS6.4AI score0.01093EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/03/26 9:40 p.m.26 views

CVE-2021-21396 Bulk list client endpoint exposes too much metadata about a client

wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the GET /users/list-clients endpoint. The endpoint could be used by any logged in user who could...

6.5CVSS6.6AI score0.01093EPSS
Exploits0References3
Schneier on Security
Schneier on Security
added 2021/03/12 12:3 p.m.49 views

Metadata Left in Security Agency PDFs

Really interesting research: "Exploitation and Sanitization of Hidden Data in PDF Files" Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like author...

0.5AI score
Exploits0
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/02/26 12:50 a.m.6 views

Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication

Summary Vault Enterprise’s /sys/license endpoint allowed the read of license metadata from Vault DR secondaries without authentication. This vulnerability, CVE-2021-27668, was fixed in Vault Enterprise 1.6.3. Background Vault Enterprise nodes expose the /sys/license API endpoint for access to and...

5.3CVSS6.2AI score0.01043EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/02/02 12:15 a.m.3 views

CVE-2020-36231

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References IDOR vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2...

4.3CVSS5.8AI score0.012EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/01 12:0 a.m.6 views

Atlassian Jira Server and Data Center 输入验证错误漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that allows remote attackers to view metadata on boards...

4.3CVSS5.8AI score0.012EPSS
Exploits0References2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.7 views

WordPress 处理逻辑错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Advanced Access Manager plugin versions prior to 6.6.2,...

4.3CVSS5.8AI score0.01059EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2020/10/27 12:0 a.m.10 views

The vulnerability of the set_file_metadata function in the GNU Wget download manager allows a hacker to gain access to protected information.

The vulnerability of the setfilemetadata function in the GNU Wget download manager is related to the lack of protection for metadata. Exploiting this vulnerability could allow an attacker to access protected information...

7.8CVSS6.6AI score0.00659EPSS
Exploits1References4Affected Software5
OSV
OSV
added 2020/08/25 7:15 p.m.7 views

CVE-2020-16197

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

4.3CVSS5.8AI score0.00548EPSS
Exploits0References3
NVD
NVD
added 2020/06/11 3:15 p.m.13 views

CVE-2020-0135

In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.4CVSS0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/06/11 2:43 p.m.18 views

CVE-2020-0135

In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.4AI score0.00138EPSS
Exploits0References1
Prion
Prion
added 2019/10/02 7:15 p.m.20 views

Code injection

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293...

5CVSS5.2AI score0.00904EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/11/21 10:24 p.m.2 views

GHSA-JMF4-PQ78-F8VJ Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.3CVSS6AI score0.01988EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2018/10/30 8:18 a.m.4 views

Signal Secure Messaging App Now Encrypts Sender's Identity As Well

Signal, the popular end-to-end encrypted messaging app, is planning to roll out a new feature that aims to hide the sender's identity from potential attackers trying to intercept the communication. Although messages send via secure messaging services, like Signal, WhatsApp, and Telegram, are full...

6.5AI score
Exploits0
Hacker One
Hacker One
added 2018/10/25 10:21 p.m.14 views

U.S. Dept Of Defense: Access to all █████████ files, including CAC authentication bypass

Summary: Due to an Insecure Direct Object Reference IDOR in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As described on ██████████ website, this includes documents with classifications up to FOUO, including PII / PHI...

1AI score
Exploits0
OSV
OSV
added 2017/10/19 9:29 p.m.3 views

DEBIAN-CVE-2012-4382

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt...

4.9CVSS6.8AI score0.01201EPSS
Exploits0References1
Hacker One
Hacker One
added 2016/08/23 8:34 p.m.20 views

Instacart: Fetch private list metadata and any user's personal name

Overview == When a user creates a list, they can choose whether to make the list visible in search and whether to show their name with the list. The problem is that the attacker can still access the information that the user chose to hide. Furthermore, if the attacker gets hold of a user's ID, th...

0.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/08/07 6:23 p.m.3 views

389-ds: unauthenticated information disclosure

It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to...

5CVSS5.8AI score0.02198EPSS
Exploits0References4
Rows per page
Query Builder