1925 matches found
Nextcloud: Nextcloud Tables app - inserting rows to an arbitrary table possible
The Nextcloud Tables app was found to have a vulnerability that allowed inserting rows to an arbitrary table. The vulnerability was disclosed in a security advisory...
Siemens SCALANCE M-800, RUGGEDCOM RM1224
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2024-37283 Elastic Agent Insertion of Sensitive Information into Log File
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...
Windows Firewall Control 6.11.0 Unquoted Service Path Vulnerability
Exploit Title: Microsoft Windows Firewall Control 6.11.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage: http://www.binisoft.org Softwar...
CVE-2024-39817
CVE-2024-39817 affects Cybozu Office 10.0.0–10.8.6. The issue involves insertion of sensitive information into data sent by the product, enabling a logged-in user to view data they should not access when performing a search in Custom App. Impact is confidentiality breach (CVE reports HIGH). Publi...
Security Bulletin: IBM Storage Ceph is vulnerable to the Insertion of Sensitive Information Into Sent Data in the RHEL UBI (CVE-2023-46218)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-46218. Vulnerability Details CVEID:CVE-2023-46218 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...
CVE-2024-31200
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser...
CVE-2024-31200
A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser...
AccPack Khanepani 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : AccPack Khanepani v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
DEBIAN-CVE-2024-41041
In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...
The vulnerability of dependency managers for Swift and Objective-C CocoaPods allows an attacker to gain unauthorized access to protected information about certain projects, modify their contents, or replace it with arbitrary code by exploiting errors in data handling.
The vulnerability of dependency managers for Swift and Objective-C CocoaPods relates to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information about certain dependencie...
Bonjour Service 3,0,0,10 Unquoted Service Path
Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service Path Discovery by: bios Discovery Date: 2024-15-07 Vendor Homepage: https://developer.apple.com/bonjour/ Tested Version: 3,0,0,10 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Home Step to discove...
Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
Exploit Title: Bonjour Service - 'mDNSResponder.exe' Unquoted Service Path Discovery by: bios Discovery Date: 2024-15-07 Vendor Homepage: https://developer.apple.com/bonjour/ Tested Version: 3,0,0,10 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Home Step to discove...
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerabilities
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...
CVE-2024-37270 WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor.This issue affects TrustedLogin Vendor: from n/a before 1.1.1...
Insertion Of Sensitive Information Into Sent Data
github.com/pomerium/pomerium is vulnerable to Insertion of Sensitive Information Into Sent Data. The vulnerability is due to the inclusion of serialized OAuth2 access and ID tokens from the logged-in user's session in the user info page /.pomerium...
CVE-2024-22276
VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged...
CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb
Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...
Johnson Controls Illustra Essentials Gen 4 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
VMSA-2024-0015: VMware Cloud Director Object Storage Extension addresses an Insertion of Sensitive Information vulnerability (CVE-2024-22276)
Advisory ID: | VMSA-2024-0015 ---|--- Advisory Severity: | Moderate CVSSv3 Range: | 5.3 Synopsis: | VMware Cloud Director Object Storage Extension addresses an Insertion of Sensitive Information vulnerability CVE-2024-22276 Issue Date: | 2024-06-27 Updated On: | 2024-06-27 Initial Advisory CVEs |...