9 matches found
PT-2026-47060
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...
CVE-2020-10591
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via...
EUVD-2022-0854
Malicious code in bioql PyPI...
CVE-2019-9585
eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON API has Improper Access Control for Interface.Metadata related operations, resulting in the ability to read, set and deletion of Metadata...
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
GHSA-6566-9526-52V6 Exposure of Sensitive Information to an Unauthorized Actor in Concord
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via...
Insecure Cross-Origin Resource Sharing
concord-server-impl uses an insecure cross-origin resource sharing policy. The CORS configuration does not verify that requests originates from the same Origin. This allows an attacker to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey...
CVE-2020-10591
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via...
Design/Logic Flaw
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...