
48 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2019-0440

Malware in sbrugna...

CVSS 5.3 · AI score 6.4 · EPSS 0.03104
Exploits 0 · References 31
Positive Technologies
added 2024/11/29 12:0 a.m. · 2 views

PT-2024-35811 · Fcnt · Fcnt Android

Name of the Vulnerable Software and Affected Versions: FCNT Android devices (affected versions not specified). Description: The issue concerns the exposure of security settings on FCNT Android devices when the screen is unlocked by a user and an attacker can directly operate the device. This can lea...

CVSS 3.1 · AI score 7.1 · EPSS 0.00051
Exploits 0 · References 6
Vulnrichment
added 2024/09/10 3:6 a.m. · 14 views

CVE-2024-44114 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application...

CVSS 2 · AI score 7.4 · EPSS 0.00086
Exploits 0 · References 2
NVD
added 2024/07/09 9:15 p.m. · 13 views

CVE-2024-31325

In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · EPSS 0.00045
Exploits 0 · References 2
CVE
added 2024/06/25 1:2 p.m. · 37 views

CVE-2024-6300

CVE-2024-6300 affects Conduit. Description and multiple connected sources confirm an incomplete cleanup during redactions, enabling an attacker to check whether certain strings were present in a PDU before redaction. Reported in multiple CVE feeds and vendor advisories; some references note histo...

CVSS 5.3 · AI score 4.6 · EPSS 0.00325
Exploits 0 · References 2 · Affected Software 1
Prion
added 2024/02/21 4:15 p.m. · 17 views

Design/Logic Flaw

An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...

AI score 6.8 · EPSS 0.00102
Exploits 0 · References 1
Github Security Blog
added 2023/12/06 9:30 a.m. · 16 views

Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs...

CVSS 5.3 · AI score 6.9 · EPSS 0.00492
Exploits 0 · References 3 · Affected Software 2
NVD
added 2023/12/06 9:15 a.m. · 13 views

CVE-2023-6459

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs...

CVSS 5.3 · EPSS 0.00492
Exploits 0 · References 1
OSV
added 2023/12/06 9:15 a.m. · 23 views

CVE-2023-6459

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs...

CVSS 5.3 · AI score 5.3
Exploits 0 · References 1
Vulnrichment
added 2023/10/17 8:2 p.m. · 9 views

CVE-2023-43794 SQL Injection in nocodb

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

CVSS 6.5 · AI score 6.6 · EPSS 0.00289
Exploits 1 · References 1
ATTACKERKB
added 2022/08/15 11:21 a.m. · 0 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

CVSS 5.3 · AI score 6.1 · EPSS 0.18409
Exploits 2 · References 3
OSV
added 2022/07/13 12:0 a.m. · 58 views

GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary: The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

CVSS 4.7 · AI score 4.9 · EPSS 0.00268
Exploits 0 · References 4
OSV
added 2022/05/24 7:14 p.m. · 13 views

GHSA-V83X-78Q3-GR2J GNU Mailman Postorius Access Control Issues

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

CVSS 5.4 · AI score 5 · EPSS 0.00213
Exploits 1 · References 9
OSV
added 2022/02/11 11:26 p.m. · 60 views

GHSA-F5PG-7WFW-84Q9 CBC padding oracle issue in AWS S3 Crypto SDK for golang

Summary: The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

CVSS 5.6 · AI score 5.1 · EPSS 0.00203
Exploits 1 · References 10
OSV
added 2022/02/11 11:23 p.m. · 34 views

GHSA-7F33-F4F5-XWGW In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary: The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

CVSS 2.5 · AI score 5 · EPSS 0.00141
Exploits 1 · References 10
Prion
added 2020/12/30 8:15 p.m. · 22 views

Design/Logic Flaw

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

CVSS 5 · AI score 5.1 · EPSS 0.00524
Exploits 0 · References 1 · Affected Software 1
Debian CVE
added 2020/12/30 7:33 p.m. · 34 views

CVE-2019-12953

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

CVSS 5.3 · AI score 5.6 · EPSS 0.00252
Exploits 0
RedhatCVE
added 2020/11/18 1:9 a.m. · 40 views

CVE-2020-26965

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...

CVSS 6.5 · AI score 1.8 · EPSS 0.00354
Exploits 0 · References 4
Debian
added 2020/09/15 11:24 a.m. · 33 views

[SECURITY] [DLA 2374-1] gnome-shell security update

Debian LTS Advisory DLA-2374-1 · [email protected] · https://www.debian.org/lts/security/ · Chris Lamb · September 15, 2020 · https://wiki.debian.org/LTS ...

CVSS 4.3 · AI score 4.4 · EPSS 0.00142
Exploits 1
Hacker One
added 2018/07/03 12:9 p.m. · 14 views

Tor: Potential IP revealing using UNC Path in Windows File Picker

Vulnerability description not provided...

AI score 7.1
Exploits 0