160 matches found
EUVD-2024-46546
Malicious code in bioql PyPI...
EUVD-2023-36856
Malicious code in bioql PyPI...
EUVD-2023-1999
Malicious code in bioql PyPI...
GHSA-7PGF-PPXW-8624 Apache Zeppelin exposes server resources to unauthenticated attackers
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...
CVE-2024-41169
The attacker can use the raft server protocol in an unauthenticated way. The attacker can see the server's resources, including directories and files. This issue affects Apache Zeppelin: from 0.10.1 up to 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue by removin...
Honeywell Experion Server 安全漏洞
Honeywell Experion Server is a high-performance industrial control system server from Honeywell USA for the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server PKS versions 520.1 to 520.2 TCU9 HF1 and 530 to 530 TCU3, and OneWireless WDM...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the duplicated context process. An attacker can access sensitive data from another transaction by triggering the duplication of an already duplicated context. Note: Duplicating a duplicated conte...
CVE-2024-28023
A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code...
CVE-2024-5313
CWE-668: Exposure of the Resource Wrong Sphere vulnerability exists that exposes a SSH interface over the product network interface. This does not allow to directly exploit the product or make any unintended operation as the SSH interface access is protected by an authentication mechanism. Impact...
CVE-2023-31103
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick...
CVE-2023-5751
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere...
CVE-2022-32530
A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile...
CVE-2025-3522 Leak of hashed Window credentials via crafted attachment URL
Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...
CVE-2020-5280
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...
The vulnerability of the Ruijie Reyee OS operating system, related to the exposure of resources for unauthorized parties, allows a violator to obtain the device serial number.
The vulnerability of the Ruijie Reyee OS is related to the exposure of resources for unauthorized parties. Exploiting this vulnerability allows a remote attacker to obtain the device’s serial number by intercepting Wi-Fi signals...
CVE-2024-39553
An Exposure of Resource to Wrong Sphere vulnerability in the sampling service of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to send arbitrary data to the device, which leads msvcsd process to crash with limited availability impacting Denial of Service DoS a...
PT-2024-28529 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions 21.4 through 21.4R3-S7-EVO Juniper Networks Junos OS Evolved versions 22.2 through 22.2R3-S3-EVO Juniper Networks Junos OS Evolved versions 22.3 through 22.3R3-S2-EVO Juniper Networks Junos OS Evolve...
CVE-2024-28023
A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code...
CVE-2024-28023
The CVE-2024-28023 entry concerns a vulnerability in the message queueing mechanism used by Hitachi Energy FOXMAN-UN / UNEM (Hitachi FOXMAN-UN server and related APIGateway components). Connected documents corroborate a risk that exploitation could lead to exposure of resources or functionality t...
CVE-2024-28023
A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code...