3 matches found
Weblate leaks information via screenshots
Impact The screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. Patches https://github.com/WeblateOrg/weblate/pull/17516 References Thanks to Lukas May and Michael Leu...
PT-2022-13242 · Unknown +1 · @Uppy/Companion +1
Name of the Vulnerable Software and Affected Versions: uppy versions prior to 3.3.1 @uppy/companion versions prior to 3.3.1 Description: The issue allows for exposure of sensitive information to an unauthorized actor. It also enables incorrect authorization, where a user with URL upload access...
OpenJDK temporary files have guessable file names (6721753)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...