EUVD-2008-0313

Malware in sbrugna...

In Quarkus, git credentials could be inadvertently published

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk...

CVE-2023-52499 powerpc/47x: Fix 47x syscall return crash

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

CVE-2023-52499

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

TotalCloud Insights: Hidden Risks of Amazon S3 Misconfigurations

Misconfiguring Amazon S3 Buckets Can Pose Major Risks Amazon Web Services AWS is the world’s largest cloud security provider, and it provides the ability to store massive amounts of cloud-resident data with the Amazon Simple Storage Service S3 bucket. Amazon S3 is an object storage solution known...

Denial Of Service (DoS)

github.com/vitessio/vitess is vulnerable to Denial of Service DoS attacks. Users are able to create a shard containing characters from VTAdmin, resulting in an error and no longer being able to view the keyspaces. This can be done either intentionally or inadvertently by using the / character...

CVE-2022-31070

NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies e.g. session cookies from being forwarded to backend services configured by the application developer. This could have led to sensitive cooki...

Mozilla Firefox Security Advisory (MFSA2014-81) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVE-2020-1978 VM-Series on Microsoft Azure: Inadvertent collection of credentials in Tech support files on HA configured VMs

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability HA inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credentials associated with the Contributor role in...

Default credentials

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users...

CVE-2019-0381

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user...

Design/Logic Flaw

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user...

CVE-2019-0381

A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user...

GE Aviation Passwords, Source Code Exposed in Open Jenkins Server

A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure. GE Aviation, a subsidiary of General Electrics, is among the top commercial aircraft engine...

CVE-2018-5165

In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...

heimdal -- bypass of capath policy

Viktor Dukhovni reports: Commit f469fc6 2010-10-02 inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With...

Inconsistent video sharing within iframe — Mozilla

Mozilla developers Eric Shepherd and Jan-Ivar Bruaroey reported issues with privacy and video sharing using WebRTC. Once video sharing has started within a WebRTC session running within an , video will continue to be shared even if the user selects the Stop Sharing" button in the controls. The...

Microsoft Outlook Express 4.x/5.x/6.0 Attachment Processing File Extension Obfuscation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13837/info Microsoft Outlook Express is prone to an attachment file extension obfuscation vulnerability that may present a risk under certain configurations. The issue manifests due to Microsoft Outlook Express behavior...

HP-UX Update for NFS/ONCplus HPSBUX02509

Check for the Version of NFS/ONCplus OpenVAS Vulnerability Test HP-UX Update for NFS/ONCplus HPSBUX02509 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVE-2008-0303

The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce...