
22 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in curl

Curl versions 7.62.0 through 7.70.0 are vulnerable to an information disclosure vulnerability that can result in a partial password being leaked over the network and to the DNS servers...

7.5 CVSS, 6.8 AI score, 0.00107 EPSS
Exploits: 1, References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in libcommons-net-java

Prior to Apache Commons Net 3.9.0, Net’s FTP client trusted the host based on the PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user had to connect to the malicious server in the first place. This could result in the leakage of...

6.5 CVSS, 6.8 AI score, 0.00249 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/01/22 12:0 a.m., 3 views

Microsoft Azure Data Explorer information leakage vulnerability

Microsoft Azure Data Explorer is a cloud-native data platform developed by the American company Microsoft. There is an information leakage vulnerability present in Microsoft Azure Data Explorer. Attackers can exploit this vulnerability to leak information through the network...

7.4 CVSS, 5.8 AI score, 0.00164 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/15 12:30 a.m., 2 views

GHSA-R6J8-C6R2-37RR kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8 CVSS, 6.7 AI score, 0.00011 EPSS
Exploits: 0, References: 9

CNNVD
added 2025/09/09 12:0 a.m., 1 views

Microsoft Office information disclosure vulnerability

Microsoft Office is an office software suite product of Microsoft Corporation, USA. OfficePLUS is the official Office plug-in from Microsoft. A spoofing vulnerability exists in Microsoft OfficePlus, which can be exploited by attackers to spoof and obtain sensitive information over the network...

7.5 CVSS, 6.4 AI score, 0.0155 EPSS
Exploits: 0, References: 1

Microsoft CVE
added 2025/08/12 7:0 a.m., 1 views

Azure Stack Hub Information Disclosure Vulnerability

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network...

7.5 CVSS, 7 AI score, 0.0221 EPSS
Exploits: 0

OSV
added 2025/03/17 8:15 p.m., 1 views

CVE-2024-44276

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitive information...

7.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

CNNVD
added 2024/08/23 12:0 a.m., 1 views

DENX Software Engineering Das U-Boot security vulnerability

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot. An attacker exploiting this vulnerability could leak between 4 and 32 bytes of memory stored behind packets to the netwo...

8.1 CVSS, 6.2 AI score, 0.00096 EPSS
Exploits: 0, References: 3

OSV
added 2023/11/28 11:28 p.m., 478 views

GHSA-C38W-74PG-36HR Marvin Attack: potential key recovery through timing sidechannels

Impact: Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches: No patch is yet available, however work is underway to migrate...

5.9 CVSS, 5.2 AI score, 0.00734 EPSS
Exploits: 0, References: 6

OSV
added 2023/08/09 11:15 p.m., 4 views

CVE-2023-36672

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...

5.7 CVSS, 5.9 AI score
Exploits: 0, References: 4

ATTACKERKB
added 2023/08/09 11:15 p.m., 1 views

CVE-2023-36672

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an...

5.7 CVSS, 6.3 AI score, 0.00038 EPSS
Exploits: 1, References: 5

RedHat Linux
added 2023/06/19 4:32 p.m., 4 views

apache-commons-net: FTP client trusts the host from PASV response by default

A flaw was found in Apache Commons Net's FTP, where the client trusts the host from PASV response by default. A malicious server could redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This issue could lead to leakage of...

6.5 CVSS, 7.2 AI score, 0.00249 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2023/03/06 12:0 a.m., 14 views

Atlassian Jira Service Management 4.21.x < 4.22.2 Internal Network Leakage Service-Side Request Forgery

According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...

5.7 CVSS, 7.1 AI score, 0.00275 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2023/03/06 12:0 a.m., 23 views

Atlassian Jira Service Desk < 4.13.20 Internal Network Leakage Service-Side Request Forgery

According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is prior to version 4.13.20. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal network resources via a...

5.7 CVSS, 7.1 AI score, 0.00275 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2023/03/06 12:0 a.m., 18 views

Atlassian Jira Service Management 4.14.x < 4.20.8 Internal Network Leakage Service-Side Request Forgery

According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...

5.7 CVSS, 7.1 AI score, 0.00275 EPSS
Exploits: 0, References: 2

OSV
added 2022/12/03 3:15 p.m., 1 views

UBUNTU-CVE-2021-37533

Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about...

6.5 CVSS, 6.8 AI score, 0.00249 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2020/06/01 9:22 p.m., 31 views

CVE-2020-8555

A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

3.5 CVSS, 6.1 AI score, 0.08633 EPSS
Exploits: 0, References: 4

NVD
added 2019/08/27 5:15 p.m., 9 views

CVE-2019-13271

Edimax BR-6208AC V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert...

8.8 CVSS, 8.8 AI score, 0.00115 EPSS
Exploits: 1, References: 2

Cvelist
added 2019/08/27 5:6 p.m., 13 views

CVE-2019-13265

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert...

8.8 AI score, 0.00118 EPSS
Exploits: 1, References: 2

Cvelist
added 2019/08/27 5:5 p.m., 16 views

CVE-2019-13268

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage ...

8.8 AI score, 0.00115 EPSS
Exploits: 1, References: 2