11196 matches found
ROS-20240725-11
A vulnerability in the NVIDIA GPU Display Driver software driver for Linux is related to privilege management errors. Exploitation of the vulnerability could allow an attacker to disclose protected information and cause a denial of service. A vulnerability in the NVIDIA GPU Display Driver for Linu...
ROS-20240805-04
Vulnerability in HashiCorp Vault and Vault Enterprise enterprise information archiving platforms is related to errors in the certificate authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process. Vulnerability in the...
CVE-2024-6567
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticat...
PT-2024-6082 · Qemu +8 · Qemu Nbd Server +8
Name of the Vulnerable Software and Affected Versions: QEMU NBD Server (affected versions not specified). Description: A flaw was found in the QEMU NBD Server, allowing a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server i...
PT-2024-37723 · WordPress · Ebook Store
Name of the Vulnerable Software and Affected Versions: Ebook Store plugin for WordPress versions up to, and including, 5.8001. Description: The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure due to the plugin utilizing fpdi-protection and not preventing direct access to tes...
The vulnerability of the TCP/IP Connectivity Utilities component in IBM i operating systems allows attackers to escalate their privileges.
The vulnerability of the TCP/IP Connectivity Utilities component in IBM i operating systems is related to access control errors. Exploiting this vulnerability allows attackers to escalate their privileges...
CVE-2024-5250
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...
CVE-2024-5250 Overly Verbose Errors in SAML Integration
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...
CVE-2024-5250
CVE-2024-5250 affects Akana API Platform versions prior to 2024.1.0, where SAML integration error messages are overly verbose. The issue is documented across multiple feeds (NVD/Red Hat/Son to ENISA and PT Security) and centers on verbose SAML error reporting rather than a runtime compromise vect...
PT-2024-35341 · Akana · Akana Api Platform
Name of the Vulnerable Software and Affected Versions: Akana API Platform versions prior to 2024.1.0. Description: The issue concerns overly verbose errors found in SAML integrations. Recommendations: For versions prior to 2024.1.0, update to version 2024.1.0 or later to resolve the issue...
ROS-20240730-10
The Mbed TLS software vulnerability is related to errors in encryption processing in DTLS connections when using a null cipher or RC4 cipher. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
python: Path traversal on tempfile.TemporaryDirectory
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link...
ROS-20240729-10
Vulnerability in HttpServletRequest.getParameter and HttpServletRequest.getParts functions of servlet container Eclipse Jetty is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The Eclipse Jetty...
The vulnerability of the Elastic Stack Filebeat software, which logs log messages, is related to errors in input data in the httpjson format. As a result, the content of the HTTP request headers Authorization or Proxy-Authorization may be logged in the debugging logs, allowing an intruder to access confidential information.
The vulnerability of the Elastic Stack Filebeat software for logging records is related to errors in the httpjson input data. As a result, the content of the HTTP request headers Authorization or Proxy-Authorization may be logged in the debugging logs. Exploiting this vulnerability can allow an...
CVE-2024-6545
The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pa...
CVE-2024-6549 Admin Post Navigation <= 2.1 - Unauthenticated Full Path Disclosure
The Admin Post Navigation plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pat...
CVE-2024-6545 Admin Trim Interface <= 3.5.1 - Unauthenticated Full Path Disclosure
The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full pa...
CVE-2024-6548 Add Admin JavaScript <= 2.0 - Unauthenticated Full Path Disclosure
The Add Admin JavaScript plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path...
PT-2024-37706 · WordPress · Admin Post Navigation
Name of the Vulnerable Software and Affected Versions: Admin Post Navigation plugin for WordPress versions up to and including 2.1. Description: The issue allows unauthenticated attackers to retrieve the full path of the web application, which can aid other attacks. This is due to the plugin...
PT-2024-37702 · WordPress · Admin Trim Interface
Name of the Vulnerable Software and Affected Versions: Admin Trim Interface plugin for WordPress versions up to, and including, 3.5.1. Description: The issue is related to Full Path Disclosure, which occurs because the plugin utilizes bootstrap and leaves test files with display errors on. This...