350 matches found

Cvelist
added 2025/01/09 12:33 a.m. · 18 views

CVE-2023-38037

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...

5.5 CVSS · 0.00258 EPSS
Exploits 0 · References 1

Cvelist
added 2024/12/23 5:19 p.m. · 15 views

CVE-2024-56362 Navidrome Stores JWT Secret in Plaintext in navidrome.db

Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. Th...

7.1 CVSS · 0.0015 EPSS
Exploits 0 · References 3

OSV
added 2024/12/09 2:15 a.m. · 7 views

CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

6.6 CVSS · 7.1 AI score
Exploits 0 · References 3

Tenable Nessus
added 2024/10/17 12:0 a.m. · 50 views

openSUSE 15 Security Update : etcd (SUSE-SU-2024:3656-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3656-1 advisory. Update to version 3.5.12: Security fixes: - CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897) - CVE-2018-16874: Fixed directory...

9.8 CVSS · 7.3 AI score · 0.93305 EPSS
Exploits 4 · References 39

OSV
added 2024/10/16 11:33 a.m. · 23 views

SUSE-SU-2024:3656-1 Security update for etcd

This update for etcd fixes the following issues: Update to version 3.5.12: Security fixes: - CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897) - CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898) - CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)...

9.8 CVSS · 8.3 AI score · 0.93305 EPSS
Exploits 4 · References 28

OpenVAS
added 2024/09/12 12:0 a.m. · 17 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2024-2435)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS · 9.7 AI score · 0.01323 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/05/01 12:0 a.m. · 2 views

PT-2024-25253 · Phiola · Phiola

Name of the Vulnerable Software and Affected Versions: phiola version 2.0-rc22 Description: An issue in phiola's WAV file handling, specifically in the conv.c file, allows a remote attacker to cause a denial of service via a crafted .wav file. The issue is remotely exploitable. Recommendations: F...

6.5 CVSS · 7.2 AI score · 0.0089 EPSS
Exploits 1 · References 11

Cvelist
added 2024/04/24 5:45 a.m. · 15 views

CVE-2024-32051

Insertion of sensitive information into log file issue exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may obtain sensitive information...

6.3 AI score · 0.00278 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2024/03/04 12:0 a.m. · 3 views

The vulnerability of the run() function in the FreeIPA server’s script allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the run function in the ipautil.py script of the FreeIPA server is related to insufficient validation of input data during session establishment when processing the user parameter /sip/session/loginpassword. Exploiting this vulnerability can allow a malicious actor to gain...

5.3 CVSS · 6.3 AI score · 0.011 EPSS
Exploits 1 · References 26 · Affected Software 4

OSV
added 2024/02/20 4:5 p.m. · 6 views

SUSE-SU-2024:0549-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243)...

5.5 CVSS · 5.8 AI score · 0.03174 EPSS
Exploits 0 · References 3

Citrix
added 2024/02/09 12:0 a.m. · 5 views

Published apps are not displaying content of local file when opened via FTA launcher of CWAforLinux

When opening local files using the File Type Association (FTA) launcher of CWA Linux, the corresponding application launches fine, but with a blank document instead of showing the content of the local file...

7 AI score
Exploits 0

CNNVD
added 2024/01/31 12:0 a.m. · 3 views

openBI Access Control Error Vulnerability

openBI is a big data visualization solution from openBI, Inc. An access control error vulnerability exists in openBI prior to version 1.0.8, which stems from a problem with the dlfile function in the /application/index/controller/Screen.php file that could lead to incorrect access control...

9.8 CVSS · 6.8 AI score · 0.00856 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/01/26 12:0 a.m. · 2 views

CVE-2023-38319

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.7 AI score · 0.01096 EPSS
Exploits 1 · References 4

Vulnrichment
added 2024/01/26 12:0 a.m. · 4 views

CVE-2023-38323

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.7 AI score · 0.01096 EPSS
Exploits 1 · References 4

Citrix
added 2023/12/15 12:0 a.m. · 7 views

Restoration with backup file doesn't work issue

Restore by backup file does not work correctly in NetScaler...

7.1 AI score
Exploits 0

Citrix
added 2023/12/06 12:0 a.m. · 6 views

Unable to open license error recorded in Windows event log

The Windows Event Log frequently shows an error that the license cannot be opened. The following error appears when adding a Citrix license file (.lic) and checking the event log. Source: CitrixLicensing; Event ID: 20754; Error: Unable to open license file. Please ensure that the file exists and is...

6.8 AI score
Exploits 0

Positive Technologies
added 2023/11/14 12:0 a.m. · 2 views

PT-2023-23699 · Intel · Intel On Demand

Name of the Vulnerable Software and Affected Versions: Intel(R) On Demand software versions prior to 1.16.2; Intel(R) On Demand software versions prior to 2.1.1; Intel(R) On Demand software versions prior to 3.1.0. Description: The issue involves the insertion of sensitive information into a log file in...

5.5 CVSS · 5.1 AI score · 0.00222 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/11/07 12:0 a.m. · 6 views

PT-2023-14762 · WordPress · Icegram Express

Name of the Vulnerable Software and Affected Versions: Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce versions through 5.5.2 Description: The issue is related to the improper neutralization of formula elements in a CSV file, which affects Icegram Express...

9.8 CVSS · 8.8 AI score · 0.00629 EPSS
Exploits 0 · References 3

Vulnrichment
added 2023/09/11 11:29 p.m. · 13 views

CVE-2023-41990

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is...

7.1 AI score · 0.01145 EPSS
Exploits 1 · References 7

CNNVD
added 2023/09/06 12:0 a.m. · 3 views

Apple Xcode Security Vulnerability

Apple Xcode is a set of integrated development environments (IDEs) provided to developers by Apple Inc. in the United States, which are primarily used to develop applications for Mac OS X and iOS. A security vulnerability exists in Apple Xcode version 14.0, which stems from a parsed file that could...

5.5 CVSS · 6.3 AI score · 0.00181 EPSS
Exploits 0 · References 2