CVE-2024-44944
...
Expected Behavior Violation
@backstage/plugin-app-backend is vulnerable to Expected Behavior Violation. The vulnerability is due to the handling of APP_CONFIG_* environment variables, which ignores the visibility defined in the configuration schema. Note: This was an intended feature of the APP_CONFIG_* way of supplying...
Incorrect context paths included in the fallback URL still pass you to the login form when enable-authentication-fallback is enabled.
Issue Summary: When using an incorrect fallback URL to bypass SAML, you are still passed to the login form. This can be reproduced using a context path in the URL when no context path is set in the server.xml or by using a misspelled/wrong context path when one is set. This is reproducible on...
PT-2024-38739 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The issue was initially considered but further investigation showed it does not pose a security risk as it falls within the expected functionality and security controls of th...
PT-2024-5331 · Duckdb · Duckdb
Name of the Vulnerable Software and Affected Versions: DuckDB versions 1.0.0 and prior Description: The issue is related to the sniff_csv function in DuckDB, which allows access to the filesystem even when enable_external_access is set to false. This provides an attacker with unauthorized access ...
Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to Denial of Service, Weaker than expected security, Cross-site scripting and Server-side request forgery (SSRF).
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...
CVE-2023-43524
Memory corruption when the bandpass filter order received from AHAL is not within the expected range...
CVE-2024-21475
CVE-2024-21475 affects Qualcomm chipsets; memory corruption occurs when the firmware payload length does not match the expected protocol size, due to improper handling of payload length. Impact is high (C/H/I/A) with a local attack vector, low privileges required, and no user interaction. Remedia...
CVE-2023-43524
CVE-2023-43524 describes memory corruption when the bandpass filter order received from AHAL is not within the expected range. Public documentation ties this to Qualcomm audio components and notes impact on Qualcomm Pixel devices; the Red Hat and CVE listings reiterate the same description. The A...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from an information disclosure when the size of the ADSP payload received in HLOS in response to an Audio Stream Manager Matrix session is less than this...
Virtuozzo Hybrid Infrastructure 6.0 Update 1 Hotfix 3 (6.0.1-89)
This update provides stability improvements. Vulnerability id: VSTOR-82695 Deploying a Kubernetes cluster may take longer than expected. Vulnerability id: VSTOR-82730 Restarting libvirtd causes EFI VMs to reboot...
Design/Logic Flaw
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request...
CVE-2023-32642
Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access...
Information disclosure
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...
CVE-2023-20573 Debug Exception Delivery in Secure Nested Paging
A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...
PT-2024-14052 · D Link · D-Link Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L router affected versions not specified Description: A serious issue has been discovered in the D-Link DIR-605L router. The vendor has confirmed the finding but has tagged it as 'won't fix'. A proof-of-concept PoC video has bee...
JIRA REST API /rest/api/2/user/viewissue/search doesn't respect Security Levels
Issue Summary: REST API - rest/api/2/user/viewissue/search Does not respect permissions, doing this REST API both on users who have browse permission and no permissions for a single ticket will result in both users still being able to view the issue. See this documentation for reference -...
StaticATokenLM::_claimRewardsOnBehalf: wrong update of _unclaimedRewards[onBehalfOf] if reward > totBal lead to user lose of pending rewards.
Lines of code Vulnerability details Description If for some reason the current contract reward token balance is lower than the rewards meant to be paid to onBehalf address, then this rewards can never be claimed. function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate...
Internet Bug Bounty: CVE-2023-28322: more POST-after-PUT confusion
Libcurl, a popular open-source library for transferring data over HTTPS, had a vulnerability CVE-2023-28322 that could allow an attacker to inject data or cause the application to misbehave. The vulnerability was caused by a logic flaw that could cause libcurl to use the wrong callback function...
Siemens SINEC NMS Third-Party
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...