16 matches found
Canva Affinity Security Vulnerability
Canva Affinity is a range of professional graphic design and image editing software from Canva Australia. Canva Affinity suffers from an out-of-bounds read vulnerability, which can be exploited by an attacker to perform an out-of-bounds read using a specially crafted EMF file to disclose sensitiv...
GHSA-9G5X-MM39-WG9R Apache Superset data query improperly discloses database schema information to low-privileged guest user
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. Thi...
CVE-2023-25366
In Siglent SDS 1104X-E SDS1xx4X-EV6.1.37R9.ADS, insecure SCPI interface discloses web password...
CVE-2020-10710
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password...
elasticsearch: Document disclosure flaw in the Elasticsearch suggester
Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled ...
DCE extension for Typo3 Discloses Environment Information
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...
CVE-2022-29792
CVE-2022-29792 affects the chipset component in Huawei/HarmonyOS devices, enabling disclosure of CPU serial numbers and thus impacting data confidentiality. Exploitation details are not provided in the documents; the issue is discussed in Huawei/HarmonyOS security bulletins and CNVD/CNNVD entries...
CVE-2017-18887
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members...
CVE-2019-4559
IBM QRadar SIEM: vulnerable versions 7.3.0–7.3.3 disclose sensitive information to unauthorized users (CVE-2019-4559). Root cause: information disclosure in QRadar SIEM potentially enabling attackers to obtain sensitive data, enabling further attacks. Public CVSS: base score 5.3 (3.0/A...
CVE-2019-4311
CVE-2019-4311 affects IBM Security Guardium Big Data Intelligence (SonarG) 4.0. The vulnerability is an information-disclosure flaw that allows unauthorized users to access sensitive information, potentially enabling further attacks. The vulnerability is documented with CVSS v3.1 base score 5.3 (...
CVE-2018-1949
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429...
CVE-2018-1476
IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 140757...
CVE-2016-6099
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system...
DelphiTurk e-Posta 1.0 - Local Exploit
No description provided by source. / DelphiTurk e-Posta v1.0 Local Exploit by Kozan Application: DelphiTurk e-Posta v1.0 Producer: Delphiturk.com Vulnerable Description: DelphiTurk e-Posta v1.0 discloses passwords to local users. Coded by: Kozan Credits to ATmaCA Web : www.netmagister.com Web2:...
eXeem 0.21 Local Password Disclosure Exploit
No description provided by source. / eXeem v0.21 Local Exploit by Kozan Application: eXeem v0.21 Vendor: www.exeem.com Vulnerable Description: eXeem v0.21 discloses passwords for proxy settings to local users. Discovered & Coded by: Kozan Credits to ATmaCA Web : www.netmagister.com Web2:...
phpBB 2.0.* Discloses Path
phpBB 2.0. Path disclosure: /modcp.php?t=несуществующаятема...