361 matches found
CVE-2023-38296
CVE-2023-38296 affects TCL 30Z and TCL A3X devices, where the ICCID is leaked to a system property (persist.sys.tctPowerIccid) accessible by any local app without permissions. The issue arises because a high-privilege process exposes the non-resettable device identifier indirectly. Affected build...
CVE-2023-38301
CVE-2023-38301 describes a third-party component issue in vendor.gsm.serial that lets any local app read the device serial number via the vendor.gsm.serial system property without permissions. Affected devices span multiple manufacturers: BLU View 2; Boost Mobile Celero 5G; Sharp Rouvo V; Motorol...
CVE-2023-38291
CVE-2023-38291 describes a leakage of the Wi‑Fi MAC address via the system propertyro.boot.wifimacaddr in devices from multiple manufacturers. Connected sources (Red Hat, NVD, CNVD, CVE list, vuln enrichment) confirm a third‑party component issue affecting TCL devices (30Z, 10L) and Motorola devi...
Ignite Realtime Openfire privilege escalation vulnerability
An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...
CVE-2024-25420
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...
CVE-2024-25420
Analyzed CVE-2024-25420 with connected sources: Ignite Realtime Openfire up to version 4.8.1 is affected by a privilege-escalation flaw due to improper handling of the admin.authorizedJIDs system property. Red Hat entries for CVE-2024-25420 corroborate the remote attack vector, enabling an attack...
CVE-2024-25420
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...
GeoServer log file path traversal vulnerability
Impact This vulnerability requires GeoServer Administrator with access to the admin console to misconfigured the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...
PT-2024-9579
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions prior to 11.0.2, 10.1.34, or 9.0.98. Description The Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default...
Design/Logic Flaw
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...
CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...
CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...
CVE-2023-50291
CVE-2023-50291 — Insufficiently Protected Credentials (Apache Solr) : The issue affects Solr 6.0.0–8.11.2 and 9.0.0–9.3.0, where the /admin/info/properties endpoint could leak credentials because some sensitive properties (e.g., basicauth, aws.secretKey) were published in the UI. Access is gated ...
GHSA-85P4-Q357-72H9 Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...
Information Disclosure
org.wildfly.core: wildfly-controller is vulnerable to Information Disclosure. The vulnerability is caused by a missing authorization check in the resolve-expression HAL interface while reading a system property or environment variables. This can lead to a malicious user accessing the Wildfly syst...
CVE-2023-43488
The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...
Design/Logic Flaw
The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...
CVE-2023-43488
The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...
PT-2023-28842 · Google · Android Debug Bridge +1
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue allows a low-privileged application to modify a critical system property, enabling the exposure of the Android Debug Bridge ADB protocol on the network. This can be exploited to...