21 matches found
EUVD-2024-40922
Malicious code in bioql PyPI...
CVE-2024-44170
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitive data...
CVE-2024-44170
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, watchOS 11. An app may be able to access user-sensitive data...
CVE-2024-27839
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location...
CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
Dgraph Audit Log Encryption Vulnerability
Impact: Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph v23.0.0 are affected. Patches: This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...
GHSA-92WQ-Q9PQ-GW47 Dgraph Audit Log Encryption Vulnerability
Impact: Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph v23.0.0 are affected. Patches: This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...
CVE-2023-28190
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data...
PT-2022-10609 · Unknown · Ansible-Runner
Name of the Vulnerable Software and Affected Versions: ansible-runner version 2.0.0 Description: A flaw was found in ansible-runner where the default temporary files configuration is written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading...
CVE-2020-28209
A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agen...
CVE-2020-1279
An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'...
Windows Lockscreen Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. An authenticated attacker could modify a registry value...
Housemates. The new Red Team?
You have the VPN set up, you have 2FA, you have a good enforced password policy, firewalls are in place, you even managed to squeeze in some remote training to make employees more aware of potential phishing. You stop, breathe a sigh of relief, and then think… I've no idea who my employees live...
Microsoft Windows: User Account Control: Only elevate UIAccess applications that are installed in secure locations
This policy setting enforces the requirement that apps that request running with a UIAccess integrity level by means of a marking of UIAccess=true in their app manifest, must reside in a secure location on the file system. Relatively secure locations are limited to the following directories: -...
Product update: Virtuozzo 7.0 Update 6 (7.0.6-635)
The Update 6 for Virtuozzo 7.0 provides new features, security fixes as well as stability and usability bug fixes. Vulnerability id: PSBM-69459 Downloadable ISO images of Virtuozzo as well as their MD5 and SHA256 checksums can now be verified against the GPG key stored at a secure location. For...
CVE-2017-5230
The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk...
SOL15299 - Linux kernel vulnerability CVE-2013-2888
Recommended action: If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate the ri...