11 matches found
Astra Linux - уязвимость в krb5
The vulnerability of the krb5chpwmessage function in the Kerberos authentication protocol is related to insufficient input validation. Exploiting this vulnerability allows an attacker to access confidential data and also cause service interruptions...
CVE-2026-22680 OpenViking < 0.3.3 Missing Authorization via Task Polling
OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allows unauthorized attackers to enumerate or retrieve background task metadata created by other users. Attackers can access the /api/v1/tasks and /api/v1/tasks/taskid routes withou...
ROS-20260401-73-0006
A vulnerability in the pngimagereadcomposite function of the libpng library is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and availability of protected information using a specially...
GHSA-747P-WMPV-9C78 AWS CLI: cli_history database does not restrict file permissions on Unix systems
Summary AWS CLI is a command line tool for interacting with AWS services. When the clihistory feature is enabled, the history database file is created with default permissions, potentially allowing other local users on a multi-user system to read the file. Impact When clihistory is enabled, AWS C...
CVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...
SUSE CVE-2013-2633
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters...
USN-3739-1 libxml2 vulnerabilities
Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. CVE-2016-9318 It was discovered that libxml2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of...
USN-3621-1 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. CVE-2018-1000073 It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. CVE-2018-1000074 It w...
USN-3573-1 quagga vulnerabilities
It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2018-5379 It was discovered that the Quagga BGP daemon did not...
UBUNTU-CVE-2013-5653
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...
blogtorrent remote/local user password disclosure
noglobal security http://noglobal.secnet.org/ | |/ / | / | || || | ||| || | | || |/||||||/ You think you know? but you have no idea.. || | / Security Advisory 2005-0x00 Software: BlogTorrent 0.92 = Vendor: http://www.blogtorrent.com/ Author: LazyCrs && pjphem Date: 10/07/2005 Type: Remote/Local...