UBUNTU-CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity XXE...

Security Bulletin: IBM InfoSphere Information Server is affected by a Sensitive data exposure vulnerability (CVE-2024-22352)

Summary A Sensitive data exposure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-22352 DESCRIPTION: IBM InfoSphere Information Server stores potentially sensitive information in log files that could be read by a local user. CVSS Base score:...

GSA Bounty: Information disclosure (system username, server info) in the x-amz-meta-s3cmd-attrs response header on data.gov

Hi Team, I noticed, that the x-amz-meta-s3cmd-attrs response header returns sensitive information, like system username on data.gov x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33184/mtime:1513269652/atime:1513269652/md5:2049644b6b833f5dbb826f60a4721f64/ctime:1513269652 Server:...

GSA Bounty: Root user disclosure in data.gov domain though x-amz-meta-s3cmd-attrs header

I performed a GET request on Host www.data.gov in burp suite to a custom domain and the Response showed the x-amz-meta-s3cmd-attrs header with the user id as root and group id running as root. x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33184/ This represents information...