1032 matches found
CVE-2023-6588
Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...
CVE-2023-6588
CVE-2023-6588 affects Devolutions Workspace (versions 2023.3.2.0 and earlier) where offline mode is always enabled in the Devolutions Server data source. The underlying issue allows an attacker with access to the Workspace application to access credentials while offline. The NVD entry lists a CVS...
CVE-2023-6071
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source...
Command injection
An Improper Neutralization of Special Elements used in a command vulnerability in ESM prior to version 11.6.9 allows a remote administrator to execute arbitrary code as root on the ESM. This is possible as the input isn't correctly sanitized when adding a new data source...
CVE-2023-47627
creationtimestamp | type | source
---|---|---
2023-11-14 16:36:28+00:00 | published-proof-of-concept | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
2026-01-19 23:20:05+00:00 | seen | https://gist.github.com/konard/0d69c914be52c3cee3437d4858b1c259...
grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
A flaw was found in Grafana. The vulnerability impacts data source and plugin proxy endpoints under certain conditions. Grafana could leak the authentication cookie of users to plugins, which could result in an impact to confidentiality, integrity, and availability...
grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
A flaw was found in Grafana's use of the GitLab data source plugin, leaking the API key to GitLab. This can result in the destination plugin receiving a Grafana user's authentication token, which could be used by an attacker...
October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture
October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture. Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities...
CVE-2023-5765
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching...
Improper access control
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching...
CVE-2023-5765
The CVE-2023-5765 entry concerns Devolutions Remote Desktop Manager (Windows) with versions 2023.2.33 and earlier, where an improper access control in the password analyzer allows bypassing permissions via data source switching. Exploitation details are not provided in the documents, and the core...
Information Disclosure
github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially exposes the Google Sheet API-key that is configured for the data...
The vulnerability of Juniper Networks JunOS Evolved router models from the PTX10001, PTX10004, PTX10008, and PTX10016 series lies in the data source verification mechanism’s deficiencies. This allows attackers to trigger a system reboot.
The vulnerability of Juniper Networks JunOS Evolved router models series PTX10001, PTX10004, PTX10008, and PTX10016 lies in defects in the mechanism for verifying data sources during MAC address processing. Exploiting this vulnerability allows a malicious actor to trigger a system reboot...
The vulnerability of Juniper Networks JunOS Evolved router series PTX10003 operating systems, related to deficiencies in the data source verification mechanism, allows attackers to circumvent security restrictions and cause service failures.
The vulnerability of Juniper Networks JunOS Evolved router series, PTX10003, is related to deficiencies in the mechanism for verifying data sources during MAC address processing. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and cause service failures...
SUSE CVE-2023-4457
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2, is vulnerable to information disclosure. The plugin did not properly sanitize error messages, potentially exposing the Google...