CVE-2024-52067
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
Nextcloud Authorization Issues Vulnerability (CNVD-2025-11222)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud suffers from an authorization issue vulnerability that originates when an attacker gains access to a user or administrator session to create, change...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud suffers from an Access Control Error vulnerability that stems from the fact that when a file is blocked by access control, users can still copy an...
Apache NiFi Log Information Disclosure Vulnerability
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A log information disclosure vulnerability exists in Apache NiFi versions 1.16.0 to 1.28.0 and 2.0.0-M1 to 2.0.0-M4,...
Vulnerability in the net/sched module of the Linux kernel that allows an attacker to cause a service failure
The vulnerability of the net/sched components in Linux operating systems stems from synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability in the enetc component of the Linux kernel that allows an attacker to trigger a service failure
The vulnerability of the enetc component in the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2024-35118 · Apache · Apache Nifi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.16.0 through 1.28.0; Apache NiFi versions 2.0.0-M1 through 2.0.0-M4. Description: The issue concerns the optional debug logging of Parameter Context values during the flow synchronization process in Apache NiFi. An...
UBUNTU-CVE-2024-53086
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL. Upon failure all locks need to be dropped before returning to the user. (cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095)...
Moderate: Red Hat Security Advisory: qemu-kvm security update
An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server During Socket Closure
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline...
Vulnerability in the Win32 kernel subsystem of Windows operating systems that allows attackers to increase their privileges
The vulnerability of the Win32 kernel subsystem in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...
Vulnerability in the wilc1000 component of the Linux operating system that allows an attacker to trigger a service failure
The vulnerability of the wilc1000 component in the Linux operating system arises due to synchronization errors when using a common resource in the wilc_parse_join_bss_param function. Exploiting this vulnerability can allow an attacker to cause a service failure...
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to thei...
CVE-2024-11023
Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to thei...
CVE-2024-11023
Firebase JavaScript SDK stores configuration data in a FIREBASE_DEFAULTS cookie, including an _authTokenSyncURL field. Connected sources describe that if an attacker can preset or modify this cookie, they can redirect the token sync URL to a malicious server and capture user session data transmit...
Vulnerability in the f2fs component of the Linux kernel that allows an attacker to cause a service failure
The vulnerability of the f2fs component of the Linux operating system’s kernel arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-52510 Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...
CVE-2024-52510
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...