268 matches found
Improper Access Control
github.com/fabedge/fabedge is vulnerable to Improper Access Control. The vulnerability is due to improperly configured permissions allowing access to sensitive data and escalate privileges by obtaining the service account's token. Attackers can exploit this vulnerability to access sensitive...
CVE-2024-23485
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...
CVE-2024-23485
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...
CVE-2024-23485
Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation CWE-1304 in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs to momentarily allow free access. This issue affects: Gallagher Controller 6000 and...
CVE-2024-23485
CVE-2024-23485 affects Gallagher Controller 6000 and 7000. Root cause: improper preservation of hardware configuration state during a power save/restore operation, which can cause Aperio-connected door locks to momentarily allow free access. Affected versions span 8.60 and prior; 8.70 prior to vC...
CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection
CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe HTML tags with an improperly sanitized name attribute. This vulnerability enables attackers to perform cross-site scripting XSS attacks via DOM clobbering. This...
CVE-2024-29415
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...
CVE-2023-43040
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...
CVE-2023-43539
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame...
Authorization
Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame...
PT-2024-13112 · Qualcomm · Snapdragon +141
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a transient Denial of Service DOS that occurs when processing an improperly formatted 802.11az Fine Time Measurement protocol frame. ...
CentOS 9 : keylime-6.5.2-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the keylime-6.5.2-1.el9 build changelog. - A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists t...
CVE-2023-42282
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...
CVE-2023-51379
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...
Authorization
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.17.19, 3.8.12, 3.9.7, 3.10.4, and...
Authorization
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...
PT-2023-31800 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.7 through 3.7.18 GitHub Enterprise Server versions 3.8 through 3.8.11 GitHub Enterprise Server versions 3.9 through 3.9.6 GitHub Enterprise Server versions 3.10 through 3.10.3 GitHub Enterprise Server...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.12, prior to...
Hitachi Energy RTU500 Series Improper Neutralization of Input During Web Page Generation (CVE-2023-5767)
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross- site scripting on the webserver due to an RDT language file being improperly sanitized. This plugin only works with Tenable.ot. Please visit...
Cross site scripting
A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized...