361 matches found
Local Networks Go Global When Domain Names Collide
The proliferation of new top-level domains TLDs has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didnt exist at the time. Meaning, they are continuously sending their Windows usernam...
The vulnerability of the `/settings/store` API of the pgAdmin database management tool allows a hacker to perform a cross-site scripting attack.
The vulnerability of the /settings/store API of the pgAdmin database management tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
HackerOne: Hackers can Invite Collaborators Without 2FA on Programs Requiring 2FA
Vulnerability description not provided...
The vulnerability of the Identity Manager software component, used for managing and controlling access to corporate resources and IBM Security Verify Governance applications, allows a perpetrator to execute arbitrary code.
The vulnerability of the Identity Manager software component, which is used for managing and controlling access to corporate resources and applications in IBM Security Verify Governance, is related to the lack of security measures taken to protect the website structure. Exploiting this...
amphp/http-client Header leakage on cross-domain redirects
amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...
GHSA-8JP9-MPV9-98RJ amphp/http-client Header leakage on cross-domain redirects
amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...
amphp/http-client Header leakage on cross-domain redirects
amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matchin...
CVE-2024-34346
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...
CVE-2022-40745 IBM Aspera Faspex information disclosure
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452...
Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...
PT-2024-20485 · Cdex · Cdex
Name of the Vulnerable Software and Affected Versions: CDeX application versions through 5.7.1 Description: The issue is related to a weak password recovery mechanism in the CDeX application, which allows the retrieval of a password reset token. Recommendations: For versions through 5.7.1, update...
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...
The vulnerability of the monitoring tool for VMware Aria Operations lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the monitoring tool for VMware Aria Operations is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2024-24771
Open Forms CVE-2024-24771 affects multiple versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2, with a non-exploitable MFA weakness that could allow a second-factor bypass if a superuser’s credentials are compromised. Attack could let the attacker view sensitive submissions or impersonate staff if b...
Tenda AC10U setSmartPowerManagement function stack buffer overflow vulnerability
Tenda AC10U is a wireless router from Tenda China. A stack buffer overflow vulnerability exists in the Tenda AC10U setSmartPowerManagement function, which is caused by a failure of the setSmartPowerManagement function to properly boundary check. An attacker can exploit this vulnerability to cause...
IBM OpenPages with Watson Security Vulnerability
IBM OpenPages with Watson is an AI-powered financial risk analytics solution. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring, analyzing, and managing risk data through a numb...
Privilege escalation for users that can access mock configuration
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...
The vulnerability of the XML Sitemap Generator plugin for the WordPress content management system allows attackers to execute XSS attacks.
The vulnerability of the XML Sitemap Generator plugin for the WordPress content management system exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
IBM WebSphere Application Server Liberty 23.0.0.9 < 23.0.0.11 Security Weakness (7058356)
The IBM WebSphere Application Server Liberty running on the remote host is 23.0.0.9 prior to 23.0.0.11. It may, therefore, provide weaker than expected security due to improper resource expiration handling. Note that Nessus has not tested for this issue but has instead relied only on the...