157 matches found
CVE-2025-15480
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...
CVE-2025-15480 Senstive information disclosure was affecting ubuntu-desktop-provision
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...
CVE-2025-15480
CVE-2025-15480 affects ubuntu-desktop-provision 24.04.4 in Ubuntu. If a user fails installation and submits a bug report to Launchpad, the attached logs could include the user’s password hash, leading to confidential data exposure. The impact is described as a password-hash disclosure in crash-re...
Ubuntu Desktop Provision 安全漏洞
Ubuntu Desktop Provision is an open-source desktop configuration tool developed by Canonical. Version 24.04.4 of Ubuntu Desktop Provision contains a security vulnerability, which stems from improper handling of crash reports and could lead to password hash leaks...
PT-2026-31614
In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs...
Siemens APE1808 Incorrect Provision of Specified Functionality (CVE-2025-58325)
An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. This plugin only works with...
Unchecked Return Value
Overview Affected versions of this package are vulnerable to Unchecked Return Value due to improper error handling in the provision function. An attacker can gain unauthorized access by presenting a client certificate signed by any system-trusted certificate authority, bypassing the intended...
Unchecked Return Value
Overview Affected versions of this package are vulnerable to Unchecked Return Value due to improper error handling in the provision function. An attacker can gain unauthorized access by presenting a client certificate signed by any system-trusted certificate authority, bypassing the intended...
Incorrect Provision of Specified Functionality
Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...
CVE-2021-2461
Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications component: Provision API. The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2021-47725
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...
CVE-2021-47725 STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting via Files Parameter
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...
CVE-2021-47725
CVE-2021-47725 affects STVS ProVision 5.9.10. The vulnerability is an authenticated, reflected cross-site scripting flaw in the HTML context via the POST parameter named “files,” where input is not properly validated. Exploitation allows an attacker with credentials to inject arbitrary HTML/JS th...
STVS ProVision 跨站脚本漏洞
STVS ProVision is an advanced video management system from STVS, Inc. A cross-site scripting vulnerability exists in STVS ProVision version 5.9.10, which stems from insufficient validation of the files POST parameter input, which could allow an authenticated attacker to inject arbitrary HTML code...
CVE-2021-47723
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...
CVE-2021-47724
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...
EUVD-2021-34725
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...
CVE-2021-47724
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...
CVE-2021-47723
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...
CVE-2021-47723
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users...