123 matches found
CVE-2023-34258
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution...
Fedora: Security Advisory for nispor (FEDORA-2023-bf311772cf)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: nispor-1.2.10-4.fc38
Unified interface for Linux network state querying...
CVE-2023-30558 Multiple SQL injections in sql/data_dictionary.py table_list method in Archery - GHSL-2022-105
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...
PT-2023-22779 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. The issue arises from the sql/instance.py endpoint's describ...
K21230183: NTP vulnerability CVE-2015-7976
Security Advisory Description The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. CVE-2015-7976 Impact A remote user who uses the ntp...
CVE-2022-46151
Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...
CVE-2022-46151 Reflected XSS
Querybook is an open source data querying UI. In affected versions user provided data is not escaped in the error field of the auth callback url in querybook/server/app/auth/oauthauth.py and querybook/server/app/auth/oktaauth.py. This may allow attackers to perform reflected cross site scripting...
CVE-2022-46151
CVE-2022-46151 affects Querybook, where user-provided data in the error field of the auth callback URL (oauth_auth.py and okta_auth.py) is not escaped, enabling reflected XSS if CSP is not enabled or unsafe-inline is allowed. Affected versions are before 3.14.2. Mitigation: upgrade to Querybook 3...
Authentication flaw
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long tens of kBs and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in the Google Android ActivityManager component that stems from a lack of privilege checking, with a possible way to check the functionality of another process...
[SECURITY] Fedora 36 Update: jid-0.7.6-10.fc36
JSON Incremental Digger is a very simple JSON querying tool. You can drill down JSON interactively by using filtering queries like jq...
[SECURITY] Fedora 35 Update: jid-0.7.6-9.fc35
JSON Incremental Digger is a very simple JSON querying tool. You can drill down JSON interactively by using filtering queries like jq...
[SECURITY] Fedora 36 Update: jid-0.7.6-9.fc36
JSON Incremental Digger is a very simple JSON querying tool. You can drill down JSON interactively by using filtering queries like jq...
Information Disclosure
Mermaid is vulnerable to information disclosure. The vulnerability exists due to a css injection into the generated graph allowing for arbitrary graph modification leading to information disclosure by querying form data by css selectors...
SUSE: Security Advisory (SUSE-SU-2022:2062-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : thunderbird (RHSA-2022:4891)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4891 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.10.0. Security Fixes: Mozilla:...
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:4870)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:4870-1 advisory. - Mozilla: Cross-Origin resource's length leaked CVE-2022-31736 - Mozilla: Heap buffer overflow in WebGL CVE-2022-31737 - Mozilla: Browser window...
SUSE: Security Advisory (SUSE-SU-2022:1920-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications...