Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2023-50290)
Summary: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. Vulnerability Details: CVEID: CVE-2023-50290. DESCRIPTION: Apache Solr could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending ...
DarkGPT - An OSINT Assistant Based On GPT-4-200K Designed To Perform Queries On Leaked Databases, Thus Providing An Artificial Intelligence Assistant That Can Be Useful In Your Traditional OSINT Processes
DarkGPT is an artificial intelligence assistant based on GPT-4-200K designed to perform queries on leaked databases. This guide will help you set up and run the project on your local environment. Prerequisites: Before starting, make sure you have Python installed on your system. This project has...
PT-2024-12154 · Insyde · InsydeH2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel versions prior to 05.28.42; Insyde InsydeH2O with kernel versions prior to 05.37.42; Insyde InsydeH2O with kernel versions prior to 05.45.39; Insyde InsydeH2O with kernel versions prior to 05.53.39; Insyde InsydeH2O...
EulerOS 2.0 SP8 : gcc (EulerOS-SA-2024-1265)
According to the versions of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - DISPUTED: A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer...
MinIO Bootstrap Verify Information Disclosure
MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure. Verified...
CVE-2024-23238
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables...
Design/Logic Flaw
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables...
BIT-GITLAB-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
BIT-GITLAB-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
BIT-GITLAB-2022-1406
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project...
BIT-WORDPRESS-2020-28034
WordPress before 5.5.2 allows XSS associated with global variables...
BIT-SOLR-2023-50290 Apache Solr: Host environment variables are published via the Metrics API
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the default list is designe...
BIT-REDASH-2021-43780
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a...
BIT-GOLANG-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
BIT-GRADLE-2021-32751 Arbitrary code execution via specially crafted environment variables
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...
GitLab -- Vulnerabilities
Gitlab reports: Bypassing CODEOWNERS approval allowing to steal protected variables; Guest with manage group access tokens can rotate and see group access token with owner permissions...
Important: nodejs20
Issue Overview: The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. This misleading documentation affects all users using the experimental permission model in active release lines: 20.x and 21.x. Please note...
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:0644-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0644-1 advisory. Update to 18.19.1 (security updates): CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992)...
CentOS 9 : polkit-0.117-8.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the polkit-0.117-8.el9 build changelog. - A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow...