1960 matches found

BDU FSTEC
added 2024/07/15 12:0 a.m. · 1 view

A vulnerability in GitLab, the Git-based software platform for collaborative code development, related to improper authentication, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability in GitLab, the Git-based software platform for collaborative code development, is related to incorrect authentication. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.8 · AI score 5.5 · EPSS 0.00043
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2024/07/10 12:0 a.m. · 1 view

The vulnerability of the Jenkins Bitbucket Branch Source Plugin, related to the disclosure of information through registration files, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Jenkins Bitbucket Branch Source Plugin is related to the disclosure of information through registration files. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 4.3 · AI score 5.4 · EPSS 0.00209
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2024/07/08 12:0 a.m. · 1 view

PT-2024-7488 · Yougile · Yougile

Name of the Vulnerable Software and Affected Versions: YouGile affected versions not specified Description: The issue is related to insufficient protection of service data in the project management service. It may allow a remote attacker to disclose protected information. Recommendations: At the...

CVSS 4 · AI score 6.9
Exploits 0 · References 2
BDU FSTEC
added 2024/07/05 12:0 a.m. · 1 view

The vulnerability of the query_contract_result function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and control system allows a perpetrator to disclose protected information.

The vulnerability of the query_contract_result function in the MCUDBHelper component of the corporate version of the PowerPanel Enterprise monitoring and power source management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow...

CVSS 7.8 · AI score 5.6 · EPSS 0.49634
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/07/05 12:0 a.m. · 1 view

The vulnerability of Sonatype Nexus Repository Manager lies in the improper restriction of the path name to the restricted directory. This allows attackers to disclose protected information.

The vulnerability of Sonatype Nexus Repository Manager is related to incorrect restrictions on the path to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

CVSS 7.8 · AI score 7.7 · EPSS 0.94028
Exploits 16 · References 5 · Affected Software 1
BDU FSTEC
added 2024/06/21 12:0 a.m. · 1 view

The vulnerability of the Audio component in Microsoft Edge and Google Chrome browsers allows attackers to disclose protected information.

The vulnerability of the Audio component in Microsoft Edge and Google Chrome lies in the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to expose sensitive information through specially created PDF files...

CVSS 7.8 · AI score 7.6 · EPSS 0.00337
Exploits 0 · References 14 · Affected Software 7
BDU FSTEC
added 2024/06/20 12:0 a.m. · 1 view

The vulnerability of Kubernetes Rancher cluster management software lies in the lack of access restrictions on protected information. This allows attackers to expose the protected data and gain administrative control over the Kubernetes cluster.

The vulnerability of Kubernetes Rancher cluster management software is related to the lack of restrictions on access to protected information. Exploiting this vulnerability allows a malicious actor to disclose protected data and gain administrative control over the Kubernetes cluster...

CVSS 10 · AI score 7.7 · EPSS 0.00197
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2024/06/19 12:0 a.m. · 1 view

The vulnerability of the Svacer SAST application, a static analyzer for Svace, relates to the disclosure of information, allowing an intruder to gain access to protected information.

The vulnerability of the Svacer SAST static analyzer app is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information...

CVSS 7.8 · AI score 5.5
Exploits 0 · Affected Software 1
BDU FSTEC
added 2024/06/18 12:0 a.m. · 1 view

The vulnerability of the Fortinet FortiPortal security analysis and management tool lies in the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.

The vulnerability of the Fortinet FortiPortal security analysis and management tool is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

CVSS 4.3 · AI score 5.6 · EPSS 0.00269
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2024/06/14 12:0 a.m. · 1 view

The vulnerability of the graphical user interface of the Fortinet FortiPortal security analysis and management tool allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the graphical user interface of the Fortinet FortiPortal security analysis and management tool is related to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to...

CVSS 4.3 · AI score 5.5 · EPSS 0.00577
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/06/12 7:38 p.m. · 15 views

GHSA-6J89-FRXC-Q26M @strapi/plugin-content-manager leaks data via relations via the Admin Panel

Summary 1. If a super admin creates a collection where an item in the collection has an association to another collection, a user with the Author Role can see the list of associated items they did not create. They should only see their own items that they created, not all items ever created...

CVSS 2.3 · AI score 3.7 · EPSS 0.00433
Exploits 1 · References 4
Positive Technologies
added 2024/06/12 12:0 a.m. · 2 views

PT-2024-22786 · Strapi · @Strapi/Plugin-Content-Manager +1

Name of the Vulnerable Software and Affected Versions: Strapi versions prior to 4.19.1 Description: The issue concerns Strapi, an open-source content management system. In affected versions, when a super admin creates a collection with an item associated to another collection, a user with the...

CVSS 3.5 · AI score 6.3 · EPSS 0.00433
Exploits 1 · References 8
BDU FSTEC
added 2024/06/03 12:0 a.m. · 1 view

The vulnerability of the deleteFiles() function in the web application of the Common Service Desktop of the ultrasonic diagnostic system from GE Healthcare allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the deleteFiles function in the Common Service Desktop web application of GE HealthCare is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...

CVSS 6.2 · AI score 5.8 · EPSS 0.00089
Exploits 0 · References 4 · Affected Software 21
BDU FSTEC
added 2024/05/28 12:0 a.m. · 1 view

The vulnerability of the iwl_dbg_tlv_overrideTrigNode() function in the Intel iwlwifi wireless communication adapter driver for Linux operating systems allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the function iwl_dbg_tlv_overrideTrigNode in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c of the Intel iwlwifi wireless adapter driver for the Linux operating system is related to writing beyond the allocated buffer. Exploitation of this vulnerability could allow ...

CVSS 7.8 · AI score 6.5 · EPSS 0.00014
Exploits 0 · References 21 · Affected Software 3
BDU FSTEC
added 2024/05/28 12:0 a.m. · 2 views

The vulnerability of the TIPC (Process-to-Process Communication Service) in the Linux operating system allows an attacker to gain access to protected data.

The vulnerability of the TIPC Process-to-Process Communication Service in the Linux operating system is related to the lack of initialization for data sent by users. Exploiting this vulnerability can allow attackers to gain access to protected data...

CVSS 5.5 · AI score 6.7 · EPSS 0.0005
Exploits 1 · References 10 · Affected Software 2
BDU FSTEC
added 2024/05/24 12:0 a.m. · 1 view

The vulnerability of the Windows Cloud Files Mini Filter driver allows a hacker to disclose protected information.

The vulnerability of the Windows Cloud Files Mini Filter driver in operating systems is related to data type mixing errors. Exploiting this vulnerability can allow attackers to disclose protected information...

CVSS 5.5 · AI score 7.4 · EPSS 0.0307
Exploits 0 · References 2
BDU FSTEC
added 2024/05/24 12:0 a.m. · 3 views

The vulnerability relates to the collection of tools and libraries used for data processing and report rendering in Power BI client JS SDK. It stems from insufficient validation of input data, allowing an attacker to gain unauthorized access to protected information.

The vulnerability of the tools and libraries used for data processing and report rendering in Power BI client JS SDK is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using specially create...

CVSS 7.8 · AI score 6.5 · EPSS 0.12217
Exploits 0 · References 3
BDU FSTEC
added 2024/05/21 12:0 a.m. · 1 view

The vulnerability of the PowerScale OneFS operating system, related to the use of cryptographic algorithms containing defects, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the PowerScale OneFS operating system is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...

CVSS 5.9 · AI score 5.5 · EPSS 0.00206
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/05/21 12:0 a.m. · 1 view

The vulnerability of the PowerScale OneFS operating system, related to insufficient validation of input data, allows attackers to compromise the integrity of protected information.

The vulnerability of the PowerScale OneFS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the protected information...

CVSS 6.8 · AI score 5.5 · EPSS 0.0026
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/05/20 12:0 a.m. · 2 views

The vulnerability of the software for creating local copies of deleted container registries, such as the Mirror registry for Red Hat OpenShift, arises from the unencrypted storage of critical information. This allows an intruder to gain unauthorized access to protected data.

The vulnerability of the Mirror registry software for Red Hat OpenShift, which is used to create local copies of deleted container images, is related to the unencrypted storage of critical information. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized...

CVSS 8.5 · AI score 7.5 · EPSS 0.0012
Exploits 0 · References 4