369 matches found
CVE-2024-22348 IBM UrbanCode Velocity cross-origin resource sharing
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
CVE-2024-22348 IBM UrbanCode Velocity cross-origin resource sharing
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...
The vulnerability of the Acrobat Reader PDF viewing and editing software is related to synchronization errors when using a common resource, allowing attackers to escalate their privileges.
The vulnerability of the Acrobat Reader PDF viewing and editing software is related to synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to increase their privileges...
Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations
Summary Multiple vulnerabilities in IBM DevOps Velocity have been address in IBM DevOps Velocity version 5.0.1 Vulnerability Details CVEID:CVE-2024-22348 DESCRIPTION: IBM UCV - UrbanCode Velocity uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions...
CVE-2024-31146
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be...
DEBIAN-CVE-2024-31146
When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be...
CVE-2024-31146
The CVE-2024-31146 entry concerns the Xen hypervisor vulnerability related to PCI device pass-through with shared resources. The connected advisories (Debian DSA-5836-1 and SUSE SUSE-SU-2024:3586-1, and related OpenVAS/Nessus entries) confirm affected product as Xen and cite PCI BARs sharing a pa...
Cross-Origin Resource Sharing (CORS) Bypass
github.com/usememos/memos is vulnerable to Cross-Origin Resource Sharing CORS Bypass. The vulnerability is due to a CORS misconfiguration where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true, which may allow an attacker to perform cross-origin requests,...
CVE-2023-37526
The CVE-2023-37526 entry concerns HCL DRYiCE Lucy (now AEX). A CORS misconfiguration in the mobile app could allow unauthorized access to application resources from any web domain and enable cache poisoning, per sources in NVD/CVE records. The root cause is a CORS misconfiguration in the app, wit...
CVE-2023-37526 HCL DRYiCE Lucy v9 (now AEX) is affected by a Cross Origin Resource Sharing (CORS) Vulnerability
HCL DRYiCE Lucy now AEX is affected by a Cross Origin Resource Sharing CORS vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning attacks...
Westermo Lynx 206-F2G Permissive Cross-Domain Policy with Untrusted Domains (CVE-2023-45213)
A potential attacker with access to the device would be able to execute malicious code that could affect the correct functioning of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Cross-Origin Resource Sharing (CORS) Bypass
@kindspells/astro-shield is vulnerable to Cross-Origin Resource Sharing CORS Bypass. This vulnerability due to the introduction of valid integrity attributes to injected code and SRI hash added to the generated Content Security Policy CSP header, fooling the browser into believing that the inject...
CVE-2023-30996 IBM Cognos Analytics cross-origin resource sharing
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290...
CVE-2023-30996 IBM Cognos Analytics cross-origin resource sharing
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 could be vulnerable to information leakage due to unverified sources in messages sent between Windows objects of different origins. IBM X-Force ID: 254290...
CVE-2023-50940 IBM PowerSC cross-resource origin sharing
IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 275130...
Westermo Lynx 206-F2G
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : Lynx 206-F2G Vulnerabilities : Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request...
CVE-2023-46281
A vulnerability has been identified in Opcenter Execution Foundation All versions V2407, Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal...
CVE-2023-49803 @koa/cors has overly permissive origin policy
@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
CVE-2023-49803 @koa/cors has overly permissive origin policy
@koa/cors npm provides Cross-Origin Resource Sharing CORS for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request...
Design/Logic Flaw
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration...