36 matches found
CVE-2023-42955
Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the...
Hardcoded credentials
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...
CVE-2023-1305
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...
CVE-2023-1306
An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...
SUSE: Security Advisory (SUSE-SU-2022:4457-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1
CVE-2021-44224 affecting package httpd for versions less than 2.4.52-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-24716 Path traversal in Icinga Web 2
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...
CVE-2021-41121 Memory corruption in Vyper
Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0...
VecCopy allows misaligned access to elements
VecCopy::data is created as a Vec of u8 but can be used to store and retrieve elements of different types leading to misaligned access. The issue was resolved in v0.5.0 by replacing data being stored by Vec with a custom managed pointer. Elements are now stored and retrieved using types with prop...
CVE-2020-7943
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...
HackerOne: Open Redirection in [https://www.hackerone.com/index.php]
You are resolved open redirect issue report 439075.This report publicly disclosed. but this issue again work at this time. When a user visit http://www.hackerone.com/index.php/index.php.evil.com user will be redirected to www.hackerone.com.evil.com Steps To Reproduce Click on this link...
CVE-2019-1711 Cisco IOS XR gRPC Software Denial of Service Vulnerability
A vulnerability in the Event Management Service daemon emsd of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this...
Rockstar Games: Smuggle SocialClub's Facebook OAuth Code via Referer Leakage
In this report, the researcher provided a POC in which they were able to combine two issues to create a condition that potentially could have allowed an attacker to obtain OAuth tokens. One of the issues involved allowing external content to load in our Screenshot Viewer tool; we resolved this...
adf.ly Open Redirect vulnerability
Vulnerable URL: http://adf.ly/ad/locked?url=//openbugbounty.org/=s Details: Description| Value ---|--- Patched:| Yes, at 04.05.2016 Latest check for patch:| 04.05.2016 03:50 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 127 VIP website status:| Yes...
java-1.7.0-openjdk security update
1:1.7.0.75-2.5.5.1.0.1.el71 - Update DISTRONAME in specfile 1:1.7.0.75-2.5.5.1 - repacked sources - Resolves: rhbz1209072 1:1.7.0.75-2.5.5.0 - Bump to 2.5.5 using OpenJDK 7u79 b14. - Update OpenJDK tarball creation comments - Remove test case for RH1191652 now fix has been verified. - Drop AArch6...
java-1.6.0-openjdk security update
1.6.0.0-1.36.b17 - removed plugin. How it comes in?! - Resolves: rhbz676295 1.6.0.0-1.33.b17 - bumped release number, it was accidentaly reduced, and now lower version then last one was released. - Resolves: rhbz676295 1.6.0.0-1.22.b17 - Updated to 1.7.9 tarball - removed patch6, fixed upstrream ...