4200 matches found

OSV
added 2024/06/04 5:52 p.m. · 28 views

GHSA-V6MG-7F7P-QMQP apko Exposure of HTTP basic auth credentials in log output

Summary: Exposure of HTTP basic auth credentials from repository and keyring URLs in log output. Details: There was a handful of instances where the apko tool was outputting error messages and log entries where HTTP basic authentication credentials were exposed for one of two reasons: 1. The %s verb...

7.5 CVSS · 7.7 AI score · 0.00441 EPSS
Exploits 0 · References 4

NVD
added 2024/06/04 11:15 a.m. · 22 views

CVE-2023-48285

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection. This issue affects Stripe Payments: from n/a through 2.0.79...

5.3 CVSS · 5.4 AI score · 0.00306 EPSS
Exploits 0 · References 1

NVD
added 2024/06/04 10:15 a.m. · 11 views

CVE-2023-47663

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

4.8 AI score · 0.00183 EPSS
Exploits 0

OSV
added 2024/06/04 10:15 a.m. · 2 views

CVE-2023-46310

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpDiscuz allows Code Injection. This issue affects wpDiscuz: from n/a through 7.6.10...

6.1 CVSS · 5.8 AI score · 0.00283 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/06/04 9:16 a.m. · 13 views

CVE-2023-45635 WordPress Responsive Tabs plugin < 4.0.6 - HTML Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection. This issue affects Responsive Tabs: from n/a before 4.0.6...

5.4 CVSS · 6.9 AI score · 0.00337 EPSS
Exploits 0 · References 1

The Hacker News
added 2024/06/04 6:33 a.m. · 33 views

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have...

8.8 CVSS · 7.3 AI score · 0.95443 EPSS
Exploits 4

SUSE CVE
added 2024/06/04 2:26 a.m. · 4 views

SUSE CVE-2024-36127

apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5...

7.5 CVSS · 7 AI score · 0.00441 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/06/03 2:49 p.m. · 15 views

CVE-2024-36127 apko Exposure of HTTP basic auth credentials in log output

apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5...

7.5 CVSS · 6.7 AI score · 0.00441 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/06/03 12:0 a.m. · 42 views

RHEL 6 : tomcat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - Apache Tomcat 5.5.0 through...

7.5 CVSS · 7.3 AI score · 0.708 EPSS
Exploits 10 · References 3

BDU FSTEC
added 2024/06/03 12:0 a.m. · 4 views

The vulnerability of the data import function in the 1C8 CMS system’s Netcat module stems from deficiencies in the authentication process. This allows attackers to bypass the HTTP Basic authentication process and gain unauthorized access to the data import function of 1C.

The vulnerability of the automatic data import function in the 1C8 CMS system’s Netcat component is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass the HTTP Basic authentication process and gain unauthorized access to the data impo...

7.4 CVSS · 5.5 AI score
Exploits 0 · Affected Software 1

SUSE CVE
added 2024/05/31 3:9 a.m. · 4 views

SUSE CVE-2024-36016

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advance...

6.7 CVSS · 6.7 AI score · 0.00276 EPSS
Exploits 0 · References 17

CNNVD
added 2024/05/31 12:0 a.m. · 6 views

Multiple Seiko Solutions Products Security Breach

Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in SkyBridge MB-A100/MB-A110 version 4.2.2 and earlier, SkyBridge BASIC MB-A130 version 1.5.5 and earlier, which stems from a command injection vulnerability that ca...

9.8 CVSS · 8.1 AI score · 0.01207 EPSS
Exploits 0 · References 4

RedhatCVE
added 2024/05/30 7:33 a.m. · 40 views

CVE-2024-36016

A vulnerability was found in the Linux kernel's n_gsm driver, affecting the tty subsystem. It occurs when switching between basic and advanced option modes in GSM multiplexing, leading to potential out-of-bounds memory writes. This happens because certain state variables, like gsm-len and gsm-stat...

6.4 CVSS · 8 AI score · 0.00276 EPSS
Exploits 0 · References 4

OSV
added 2024/05/30 12:41 a.m. · 16 views

GHSA-H7V2-2QWG-H829 Symfony has a security issue when parsing the Authorization header

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...

5.3 CVSS · 6.3 AI score · 0.00956 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/05/30 12:0 a.m. · 6 views

PT-2024-10558 · Symfony · Symfony Httpfoundation

Name of the Vulnerable Software and Affected Versions: Symfony HttpFoundation component versions 2.0.X through 2.5.X. Description: The issue arises when an application uses HTTP basic or digest authentication, and the Authorization header is not parsed properly by Symfony, potentially allowing...

5.3 CVSS · 7.6 AI score · 0.00956 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-40324 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified. Description: The issue concerns TYPO3's built-in record registration functionality, also known as the "basic shopping cart", which is vulnerable to denial of service when using recs URL parameters. This i...

7.5 CVSS · 7.2 AI score
Exploits 0 · References 5

Cvelist
added 2024/05/29 6:46 p.m. · 42 views

CVE-2024-36016 tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advance...

6.7 AI score · 0.00276 EPSS
Exploits 0 · References 9

OSV
added 2024/05/29 4:44 p.m. · 5 views

DRUPAL-CONTRIB-2024-022

Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication, API Key Authentication, JWT Authentication, OAuth Authentication, External / Third-Party Provider...

9.8 CVSS · 6.9 AI score · 0.00618 EPSS
Exploits 0 · References 1

OSV
added 2024/05/22 6:15 p.m. · 2 views

DEBIAN-CVE-2024-29421

xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code...

6.2 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0 · References 1

OSV
added 2024/05/22 6:15 p.m. · 2 views

UBUNTU-CVE-2024-29421

xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code...

6.2 CVSS · 6 AI score · 0.00245 EPSS
Exploits 0 · References 3