101 matches found
CVE-2023-6459 Public endpoint /metrics of Calls plugin reveals channel IDs
Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs...
mariadb: crash in multi-update and implicit grouping
An assertion failure was found in the MariaDB Server. This issue is via, 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc, affecting availability...
The vulnerability of the Ceph-crash.service component of the Ceph storage system allows a attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Ceph-crash.service component of the Ceph storage system is related to the assignment of users to inappropriate groups. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
SUSE CVE-2015-9004
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perfpmuregister and perfeventopen functions...
SUSE CVE-2016-4416
epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet...
SUSE CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...
SUSE CVE-2020-26797
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::FileGxf::ChooseParserChannelGrouping...
CVE-2022-41746
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...
Spoofing
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in...
mariadb: crash in multi-update and implicit grouping
An assertion failure was found in the MariaDB Server. This issue is via, 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc, affecting availability...
mariadb: crash in multi-update and implicit grouping
An assertion failure was found in the MariaDB Server. This issue is via, 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc, affecting availability...
mariadb: crash in multi-update and implicit grouping
An assertion failure was found in the MariaDB Server. This issue is via, 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc, affecting availability...
mariadb: crash in multi-update and implicit grouping
An assertion failure was found in the MariaDB Server. This issue is via, 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc, affecting availability...
mariadb: crash in multi-update and implicit grouping
An assertion failure was found in the MariaDB Server. This issue is via, 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc, affecting availability...
GHSA-5729-822W-J342 Moodle cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description...
Moodle cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description...
[SECURITY] Fedora 36 Update: golang-github-prometheus-alertmanager-0.23.0-8.fc36
The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It a lso takes care of silencing and inhibition of alerts...
Migrating content from traditional SIEMs to Azure Sentinel
In part two of this three-part series, we covered the five types of side-by-side security information and event management SIEM configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and...
The vulnerability of the grouping module for control devices used to manage servers, databases, reference manuals, and other components of the “Center for Complex Management” system of engineering data and product life cycle management (LOCMan:PLM) allows unauthorized users to load files of a dangerous type indefinitely, enabling them to execute arbitrary code.
The vulnerability of the grouping module for control devices used to manage servers, databases, reference manuals, and other components of the “Center for Control System” in the engineering data and product lifecycle management system LOCsMAN:PLM is related to the unlimited loading of dangerous...
DEBIAN-CVE-2020-26797
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::FileGxf::ChooseParserChannelGrouping...