Security Bulletin: Technical Support Appliance - possible security flaw in managing memory
Summary: A flaw in the KASAN Kernel Address Sanitizer code may allow memory to be accessed that is no longer used, potentially exposing security related information. Vulnerability Details: CVEID: CVE-2023-52922. DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: can: bcm...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
CVE-2023-42955
CVE-2023-42955 concerns FileMaker Server prior to 20.3.1, where passwords for the Admin Role could be exposed to front-end websites via the Node.js socket while signed in to the Admin Console with an administrator role. The issue has been fixed in FileMaker Server 20.3.1 by eliminating the sendin...
CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
Design/Logic Flaw
In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the...
Format string
Unisys Stealthcore before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials...
SUSE-SU-2020:1858-1 Security update for permissions
This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues bsc1171883...
CVE-2019-10448
Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2017-18550
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure...
Security Advisory - Information Leak Vulnerability in FusionCompute Products
There is a vulnerability in FusionCompute that enables common users to query unauthorized information. An attacker can exploit this vulnerability to query other users' information, leading to information leaks. Vulnerability ID: HWPSIRT-2015-10048 This vulnerability has been assigned Common...
Shopify: SSL cookie without secure flag set
Hello Shopify security team, I have found a security vulnerability. Vulnerable URL: https://app.shopify.com/services/signup/track/ The following cookie was issued by the application and does not have the secure flag set: signupsessionid=0875b12b680173807271e6c444a964e8; path=/; expires=Mon, 04 Ma...