11 matches found
Astra Linux - vulnerability in linux, linux-5.15
A flaw was discovered in cifs-utils. When attempting to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may result in the disclosure of sensitive data from the host’s Kerberos...
Exploit for Incorrect Authorization in Canonical Ubuntu_Linux
CVE-2023-32629 — OverlayFS Local Full Privilege Escalation Ove...
git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs
A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...
git-lfs: Git LFS permits exfiltration of credentials via crafted HTTP URLs
A flaw was found in the Git LFS git extension. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters and then sends any credentials it receives back from the Gi...
USN-7162-1 curl vulnerability
Harry Sintonen discovered that curl incorrectly handled credentials from .netrc files when following HTTP redirects. In certain configurations, the password for the first host could be leaked to the followed-to host, contrary to expectations...
SUSE CVE-2021-20208
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2022-28144
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for...
DEBIAN-CVE-2021-20208
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity...
Information Disclosure
foreman is vulnerable to information disclosure. A remote authenticated attacker with limited permissions for powering oVirt/RHV hosts on and off could discover the username and password used to connect to the compute resource...
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Man-in-the-Middle Attack Vulnerability
The Medfusion 4000 Wireless Syringe Infusion Pump is a syringe infusion pump deployed in healthcare and public health for delivering small doses of medication in acute care settings. The Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump has a man-in-the-middle attack vulnerability that...
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
ManageEngine Eventlog Analyzer from v7 to v9.9 b9002 has two security vulnerabilities that allow an unauthenticated user to obtain the superuser password of any managed Windows and AS/400 hosts. This module abuses both vulnerabilities to collect all the available usernames and passwords. First th...