7 matches found
CVE-2020-7295
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user to delete or download protected log data via improper access controls in the user interface...
WSO2 Enterprise Integrator Security Vulnerability
WSO2 Enterprise Integrator is an open source hybrid integration platform from WSO2, Inc. in the United States. The platform supports communication between multiple applications. A security vulnerability exists in WSO2 Enterprise Integrator that stems from insufficient privilege restrictions in th...
EUVD-2018-6886
Malware in sbrugna...
CVE-2020-27254
Emerson Rosemount X-STREAM Gas Analyzer X-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions. The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information...
CVE-2024-32474
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validatesuperuser. An attacker with access to the log data could use...
Vulnerability fixed in JBoss Wildfly
A vulnerability has been fixed in Wildfly. The vulnerability allows a malicious person with access to the log data of the Wildfly instance to obtain passwords stored in clear text. Red Hat has released updates to fix the vulnerability in Wildfly. More information can be found on t...
luci: unauthorized administrative access granted to non-administrative users
It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding use...