1367 matches found

BDU FSTEC
added 2024/12/13 12:00 a.m. · 1 view

The vulnerability of the HTTP client library for Python urllib3, related to improper resource transfer between components, allows attackers to gain unauthorized access to protected information.

The vulnerability of the HTTP client library for Python urllib3 is related to improper handling of the Proxy-Authorization header during redirects between sources. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

CVSS 5.4 · AI score 6.7 · EPSS 0.00216
Exploits: 1 · References: 10 · Affected Software: 4

Positive Technologies
added 2024/12/11 12:00 a.m. · 2 views

PT-2025-3052

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.2; tvOS versions prior to 18.2; Safari versions prior to 18.2; watchOS versions prior to 11.2; iOS versions prior to 18.2; iPadOS versions prior to 18.2; macOS Sequoia versions prior to 15.2. Description: The issue is...

CVSS 9.8 · AI score 7.1 · EPSS 0.07766
Exploits: 1 · References: 127

Positive Technologies
added 2024/12/10 12:00 a.m. · 3 views

PT-2024-34547 · Jepaas · Jepaas

Name of the Vulnerable Software and Affected Versions: JEPAAS version 7.2.8 Description: The issue allows a remote user to submit a specially crafted query via the /je/rbac/rbac/loadLoginCount API endpoint in the dateVal parameter. This could enable an attacker to retrieve all the information...

CVSS 7.5 · AI score 6.1 · EPSS 0.00241
Exploits: 1 · References: 6

OSV
added 2024/12/06 5:15 p.m. · 2 views

CVE-2024-48868

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

CVSS 7.5 · AI score 5.8 · EPSS 0.00682
Exploits: 0 · References: 1

OSV
added 2024/12/06 5:15 p.m. · 1 view

CVE-2024-48867

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

CVSS 7.5 · AI score 5.8 · EPSS 0.00682
Exploits: 0 · References: 1

CVE
added 2024/12/06 4:36 p.m. · 68 views

CVE-2024-48868

CVE-2024-48868 is a CRLF injection vulnerability reported to affect QNAP QTS and QuTS hero. The flaw permits remote modification of application data when exploited. Affected versions have been fixed: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1....

CVSS 8.7 · AI score 6.7 · EPSS 0.00682
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2024/12/06 12:00 a.m. · 1 view

The vulnerability of cloud software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges, which allows attackers to disclose protected information.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor, operating remotely, to expose protected information...

CVSS 3 · AI score 5.4 · EPSS 0.00575
Exploits: 0 · References: 5 · Affected Software: 3

Positive Technologies
added 2024/12/03 12:00 a.m. · 3 views

PT-2024-9576 · Ruijie · Ruijie Reyee Os

Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x Description: The issue is related to inadequate access control, allowing remote attackers to disclose protected information. This could enable sub accounts or attackers to view...

CVSS 7.5 · AI score 6.8 · EPSS 0.00222
Exploits: 0 · References: 7

CNNVD
added 2024/11/26 12:00 a.m. · 2 views

Hewlett Packard Enterprise Insight Remote Support security vulnerability

Hewlett Packard Enterprise Insight Remote Support HPE Insight RS is a software solution from Hewlett Packard Enterprise USA that enables passive and active remote support to improve the availability of supported remote support. A security vulnerability exists in Hewlett Packard Enterprise Insight...

CVSS 7.5 · AI score 8 · EPSS 0.25006
Exploits: 1 · References: 1

OSV
added 2024/11/22 4:15 p.m. · 2 views

CVE-2024-50397

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability i...

CVSS 8.8 · AI score 5.8 · EPSS 0.01639
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/22 12:00 a.m. · 2 views

PT-2024-34173 · Qnap · Qnap Qts +1

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.1.2930 build 20241025; QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025. Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system...

CVSS 7.7 · AI score 7.3 · EPSS 0.01577
Exploits: 0 · References: 5

BDU FSTEC
added 2024/11/20 12:00 a.m. · 1 view

The vulnerability of the software for providing secure remote access to data in the GlobalProtect App software from Palo Alto Networks allows a perpetrator to cause service interruptions.

The vulnerability of the software for providing secure remote access to data in the GlobalProtect App software from Palo Alto Networks relates to the handling of the zero pointer. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 7.8 · AI score 6.8 · EPSS 0.00355
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/11/18 12:00 a.m. · 2 views

Security vulnerability in multiple WAGO products

WAGO PFC100 and others are products of WAGO, Germany. WAGO PFC100 is a programmable logic controller (PLC). WAGO CC100 0751-9x01 is a compact controller. WAGO Edge Controller 0752-8303/8000-0002 is a controller. A security vulnerability exists in a number of WAGO products. The vulnerability stems from...

CVSS 5.7 · AI score 6.8 · EPSS 0.00232
Exploits: 0 · References: 2

BDU FSTEC
added 2024/11/14 12:00 a.m. · 1 view

The vulnerability of the virtual learning environment Moodle, related to the lack of authentication, allows a violator to delete data.

The vulnerability in the virtual learning environment Moodle is related to the lack of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to delete data...

CVSS 7.8 · AI score 5.4 · EPSS 0.00308
Exploits: 0 · References: 6 · Affected Software: 2

BDU FSTEC
added 2024/11/14 12:00 a.m. · 1 view

The vulnerability of the software backup function for Brocade SANnav network management systems allows an intruder to gain unauthorized access to protected information.

The vulnerability of the software backup function for Brocade SANnav management involves the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 6.8 · AI score 5.4 · EPSS 0.00234
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2024/11/14 12:00 a.m. · 1 view

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the escape of operations beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 10 · AI score 7.8 · EPSS 0.01283
Exploits: 0 · References: 14 · Affected Software: 4

OSV
added 2024/11/12 12:30 a.m. · 18 views

GHSA-99W6-3XPH-CX78 Ansible-Core vulnerable to content protections bypass

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

CVSS 5.5 · AI score 6.3 · EPSS 0.00024
Exploits: 0 · References: 13

NVD
added 2024/11/12 12:15 a.m. · 18 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

CVSS 5.5 · EPSS 0.00024
Exploits: 0 · References: 5

OSV
added 2024/11/12 12:15 a.m. · 16 views

CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

CVSS 5.5 · AI score 6.2 · EPSS 0.00024
Exploits: 0 · References: 4

OSV
added 2024/11/12 12:15 a.m. · 2 views

DEBIAN-CVE-2024-11079

A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playboo...

CVSS 5.5 · AI score 7.4 · EPSS 0.00024
Exploits: 0 · References: 1