CVE-2024-39732
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user. IBM X-Force ID: 295791...
PT-2024-22321 · Unknown +1 · Jupyter Server +2
Name of the Vulnerable Software and Affected Versions: Jupyter Scheduler versions 1.0.0 through 1.1.5; Jupyter Scheduler version 1.2.0; Jupyter Scheduler versions 1.3.0 through 1.8.1; Jupyter Scheduler versions 2.0.0 through 2.5.1. Description: Jupyter Scheduler is a collection of extensions for...
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...
LG Simple Editor Security Vulnerability
LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from an XML External Entity handling vulnerability due to an improper restriction on XML External Entity (XXE) references, where a...
CVE-2024-2476 OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion
The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose...
CVE-2024-2476
CVE-2024-2476 concerns OceanWP for WordPress. The vulnerability is due to a missing capability check in load_theme_panel_pane, affecting all versions up to 3.5.4. The impact, as described in the sources, is unauthorized access to data for authenticated users with subscriber-level access and above...
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition (EE) is a content management system from the U.S.-based GitLab, Inc. A security vulnerability exists in GitLab Enterprise Edition versions 12.0 through 16.7.6, 16.8 through 16.8.3, and 16.9 through 16.9.1, which stems from a vulnerability that allows bypassing the group ip...
Planka Path Traversal Vulnerability
Planka is an open source Trello-like Kanban built using React and Redux. Versions of Planka before v1.5.2 contain a path traversal vulnerability: if the user of the web server is root, an attacker will be able to read any file in the system. Using this...
PYSEC-2022-199
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items when instantiating Ctx objects...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by the window.showSaveFilePicker function that parses and returns environment variable values to the user when passing environment variables, which can be exploited by an attacker to...
FUXA Code Issue Vulnerability
FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA 1.1.3 that originates from obtaining sensitive information from the server's internal environment and services, which could typically lead to an attacker executing commands...
Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized...
DEBIAN-CVE-2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensiti...
CVE-2018-1625
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410...
IBM Security Privileged Identity Manager Information Disclosure Vulnerability (CNVD-2019-27591)
IBM Security Privileged Identity Manager (ISPIM) is an identity management product within the IBM Identity Governance and Management solution from IBM in the United States. The product is designed to protect, automate and audit the use of privileged identities to help defend against insider threats...
DEBIAN-CVE-2018-19976
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...
PT-2018-15182
Name of the Vulnerable Software and Affected Versions: YARA version 3.8.1. Description: The issue arises from the design of the YARA virtual machine, where bytecode in a specially crafted compiled rule can expose information about its environment. This occurs in the libyara/exec.c component...
IBM Security Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-24832)
IBM Security Key Lifecycle Manager (formerly known as Tivoli Key Lifecycle Manager) is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A security vulnerability exists in IB...
CVE-2017-3226
CVE-2017-3226 concerns Das U-Boot’s AES-CBC environment encryption (CONFIG_ENV_AES=y). A crafted two‑byte sequence in the encrypted environment data can trigger an error during environment variable parsing, which is improperly handled and leads to an immediate process termination with a debugging...
IBM Security Guardium Big Data Intelligence Information Disclosure Vulnerability (CNVD-2018-16540)
IBM Security Guardium is the comprehensive data security platform. An information disclosure vulnerability exists in IBM Security Guardium Big Data Intelligence SonarG version 3.1. It allows an attacker to gain access to data related to the environment, users, and more...