Lucene search
K

361 matches found

CVE
CVE
added 2024/04/22 12:0 a.m.56 views

CVE-2023-38296

CVE-2023-38296 affects TCL 30Z and TCL A3X devices, where the ICCID is leaked to a system property (persist.sys.tctPowerIccid) accessible by any local app without permissions. The issue arises because a high-privilege process exposes the non-resettable device identifier indirectly. Affected build...

8CVSS6.6AI score0.00266EPSS
Exploits0References1
CVE
CVE
added 2024/04/22 12:0 a.m.53 views

CVE-2023-38301

CVE-2023-38301 describes a third-party component issue in vendor.gsm.serial that lets any local app read the device serial number via the vendor.gsm.serial system property without permissions. Affected devices span multiple manufacturers: BLU View 2; Boost Mobile Celero 5G; Sharp Rouvo V; Motorol...

3.4CVSS6.7AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2024/04/22 12:0 a.m.56 views

CVE-2023-38291

CVE-2023-38291 describes a leakage of the Wi‑Fi MAC address via the system propertyro.boot.wifimacaddr in devices from multiple manufacturers. Connected sources (Red Hat, NVD, CNVD, CVE list, vuln enrichment) confirm a third‑party component issue affecting TCL devices (30Z, 10L) and Motorola devi...

7.1CVSS6.6AI score0.00155EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/03/26 9:30 p.m.29 views

Ignite Realtime Openfire privilege escalation vulnerability

An issue in Ignite Realtime Openfire v.4.8.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...

7.2CVSS7.2AI score0.01431EPSS
Exploits2References9Affected Software1
NVD
NVD
added 2024/03/26 9:15 p.m.37 views

CVE-2024-25420

An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...

7.2CVSS6.8AI score0.0165EPSS
Exploits2References6
CVE
CVE
added 2024/03/26 12:0 a.m.74 views

CVE-2024-25420

Analyzed CVE-2024-25420 with connected sources: Ignite Realtime Openfire up to version 4.8.1 is affected by a privilege-escalation flaw due to improper handling of the admin.authorizedJIDs system property. Red Hat entries for CVE-2024-25420 corroborate the remote attack vector, enabling an attack...

7.2CVSS7.5AI score0.0165EPSS
Exploits2References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/26 12:0 a.m.15 views

CVE-2024-25420

An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component...

7.5AI score0.0165EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2024/03/20 2:45 p.m.57 views

GeoServer log file path traversal vulnerability

Impact This vulnerability requires GeoServer Administrator with access to the admin console to misconfigured the Global Settings for log file location to an arbitrary location. This can be used to read files via the admin console GeoServer Logs page. It is also possible to leverage RCE or cause...

7.2CVSS7.2AI score0.00841EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.7 views

PT-2024-9579

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions prior to 11.0.2, 10.1.34, or 9.0.98. Description The Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default...

10CVSS8.1AI score0.43663EPSS
Exploits13References277
Prion
Prion
added 2024/02/09 6:15 p.m.28 views

Design/Logic Flaw

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

5CVSS7.1AI score0.03306EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/09 5:29 p.m.7 views

CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

7.5AI score0.03306EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/09 5:29 p.m.47 views

CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

7.7AI score0.03306EPSS
Exploits0References2
CVE
CVE
added 2024/02/09 5:29 p.m.99 views

CVE-2023-50291

CVE-2023-50291 — Insufficiently Protected Credentials (Apache Solr) : The issue affects Solr 6.0.0–8.11.2 and 9.0.0–9.3.0, where the /admin/info/properties endpoint could leak credentials because some sensitive properties (e.g., basicauth, aws.secretKey) were published in the UI. Access is gated ...

7.5CVSS7AI score0.03306EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/23 12:30 p.m.43 views

GHSA-85P4-Q357-72H9 Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files

On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...

5.5CVSS5AI score0.00346EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/11/23 12:30 p.m.24 views

Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files

On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...

5.5CVSS5AI score0.00346EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2023/11/09 7:59 a.m.20 views

Information Disclosure

org.wildfly.core: wildfly-controller is vulnerable to Information Disclosure. The vulnerability is caused by a missing authorization check in the resolve-expression HAL interface while reading a system property or environment variables. This can lead to a malicious user accessing the Wildfly syst...

6.5CVSS6.8AI score0.00834EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2023/10/25 6:17 p.m.34 views

CVE-2023-43488

The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

7.9CVSS7.6AI score0.00193EPSS
Exploits0References1
Prion
Prion
added 2023/10/25 6:17 p.m.25 views

Design/Logic Flaw

The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

4.3CVSS7.4AI score0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/25 1:27 p.m.17 views

CVE-2023-43488

The vulnerability allows a low privileged untrusted application to modify a critical system property that should be denied, in order to enable the ADB Android Debug Bridge protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical...

7.9CVSS6.7AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.7 views

PT-2023-28842 · Google · Android Debug Bridge +1

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue allows a low-privileged application to modify a critical system property, enabling the exposure of the Android Debug Bridge ADB protocol on the network. This can be exploited to...

7.9CVSS7.4AI score0.00193EPSS
Exploits0References2
Rows per page
Query Builder