24 matches found
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mishandling of errors that could lead to resource disclosure...
Mediawiki - CentralAuth Extension Resource Disclosure Vulnerability
Mediawiki - CentralAuth Extension is an extension to MediaWiki designed for the Wikimedia project to manage cross-site user account merging, locking, renaming and other operations. A resource disclosure vulnerability exists in Mediawiki - CentralAuth Extension, which stems from the exposure of...
Mediawiki - GrowthExperiments Extension Default Permission Error Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A default permission error vulnerability exists in Mediawiki -...
Mediawiki - CentralAuth Extension Security Vulnerability
Mediawiki - CentralAuth Extension is an extension to MediaWiki designed for the Wikimedia project to manage cross-site user account merging, locking, renaming and other operations. A resource disclosure vulnerability exists in Mediawiki - CentralAuth Extension, which stems from the exposure of...
Mediawiki - GrowthExperiments Extension Security Vulnerability
Mediawiki - GrowthExperiments Extension is an extension to MediaWiki designed to increase new user engagement and the quality of content contributions through a task system, a recommendation mechanism and a mentor feature. A default permission error vulnerability exists in Mediawiki -...
Logo Cloud Security Vulnerability
Logo Cloud is a series of cloud-based services and products from Logo Turkey. A security vulnerability exists in Logo Cloud versions prior to 0.67, which stems from a user-controllable key leading to an authorization bypass that could lead to forced browsing and resource disclosure...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an irq domain leak that could lead to resource disclosure...
Erlang/OTP Security Vulnerability
Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles exceptions. The library catches exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP versions 17.0 through 28.0.3, 27.3.4.3, and 26.2.5.15, which stems from an...
Akinsoft OctoCloud Security Bypass Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Akinsoft OctoCloud versions prior to s1.09.02 through v1.11.01 contain a security bypass vulnerability that can be...
Akinsoft ProKuafor Security Bypass Vulnerability
Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08 contain a security bypass vulnerability that can be exploited by attackers to cause a resource disclosure...
Akinsoft ProKuaför Security Vulnerability
Akinsoft ProKuafor is an online appointment and client management platform from Akinsoft Turkey. Akinsoft ProKuafor versions prior to s1.02.07 to v1.02.08 contain a security bypass vulnerability that can be exploited by attackers to cause a resource disclosure...
Akinsoft OctoCloud Security Vulnerability
Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Akinsoft OctoCloud versions prior to s1.09.02 through v1.11.01 contain a security bypass vulnerability that can be...
Linux kernel Resource Management Error Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the bpf_uprobe_multi_link_attach function in the bpf subsystem that does not properly deregister uprobe in the...
Bravura Security Fabric Security Vulnerability
Bravura Security Fabric is a suite of identity and access management software from Bravura Security. A security vulnerability exists in Bravura Security Fabric that stems from an unauthenticated attacker being able to cause a resource disclosure by making multiple failed login attempts via API...
GHSA-JHQX-5V5G-MPF3 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Impact: If GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer i...
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCach...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
[SECURITY] [DLA 2661-1] jetty9 security update
Debian LTS Advisory DLA-2661-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler May 14, 2021 https://wiki.debian.org/LTS -...
Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
The version of Atlassian Bitbucket installed on the remote host is prior to 4.14.4. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the...
Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied
According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is prior to 6.0.0. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue...