CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

UBUNTU-CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVE-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVE-2024-23944

CVE-2024-23944 is a ZooKeeper information-disclosure vulnerability involving persistent watchers. The issue arises when a watcher attached to a parent znode to which the attacker already has access is triggered; the server does not perform an ACL check at watch-trigger time, exposing the full pat...

CVE-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVE-2024-23944

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

CVE-2023-30968

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting XSS vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack...

Cross site scripting

One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting XSS vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack...

PT-2024-12247 · Unknown · Gotham Gaia

Name of the Vulnerable Software and Affected Versions: Gotham Gaia affected versions not specified Description: A stored cross-site scripting XSS issue was discovered, allowing an attacker to bypass Content Security Policy CSP and achieve a persistent cross-site scripting payload. Recommendations...

Denial of Service (DoS)

Overview billz/raspap-webgui is a Simple wireless AP setup and mangement for Debian-based devices. Affected versions of this package are vulnerable to Denial of Service DoS due to improper authentication. An attacker can cause a persistent denial of service bricking by sending a specially crafted...

Trust Boundary Violation

Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...

GHSA-FG9Q-5CW2-P6R9 kubevirt-csi: PersistentVolume allows access to HCP's root node

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVE-2024-1725 Kubevirt-csi: persistentvolume allows access to hcp's root node

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVE-2024-1725 Kubevirt-csi: persistentvolume allows access to hcp's root node

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

CVE-2024-1725

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane HCP. This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node...

Red Hat OpenShift Container Platform Security Vulnerability

Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat, Inc. that enable organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A security vulnerability exists in Red Hat OpenShift...

Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...

CVE-2024-27917 Shopware's session is persistent in Cache for 404 pages

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...

CVE-2024-27917 Shopware's session is persistent in Cache for 404 pages

Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session...