90 matches found
PT-2024-24280 · Ibm · Ibm Openbmc
Name of the Vulnerable Software and Affected Versions: IBM OpenBMC versions FW1050.00 through FW1050.10 Description: The BMCWeb HTTPS server component in IBM OpenBMC could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. Recommendations: For versions...
Information Disclosure
neos/neos is vulnerable to Information Disclosure. The vulnerability is due to improper access controls allowing the viewing of internal workspaces without authentication. This allows attackers to read sensitive content from internal workspaces without permission...
How to Find and Fix Risky Sharing in Google Drive
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally...
Design/Logic Flaw
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
CVE-2023-29055 Apache Kylin: Insufficiently protected credentials in config file
In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. When the kylin service runs over HTTP or other plain text protocol, it is possible for network sniffers to hijack the HTTP...
PT-2023-8684 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.2.1 Description: A session rendering issue was addressed with improved session tracking. This issue may cause a user who shares their screen to unintentionally share the incorrect content. The problem is...
CVE-2023-42916
A flaw was found in WebKitGTK. Processing malicious web content may cause an out-of-bounds read due to an improper input validation, resulting in sensitive content leaking...
CVE-2022-48364
The undomarkstatusesassensitive method in app/services/approveappealservice.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive...
CVE-2022-39061
ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services...
Design/Logic Flaw
ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services...
CVE-2022-39061 ChangingTec MegaServiSignAdapter - Out-of-bounds Read
ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupts partial services...
Apple macOS 安全漏洞
Apple macOS is a specialized operating system developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura prior to version 13.2, which stems from a permissions issue where applications may be able to access user-sensitive content...
YouTube transparency report shows battle against misinformation
Statistics for YouTube community guidelines enforcement are now available for the period April to June 2022, via Googles Transparency Report. YouTube channels are terminated if they accrue three community guideline strikes in 90 days, have a case of severe abuse predatory behaviour, for example, ...
Input validation
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
CVE-2022-2943 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the almrepeatersexport function. This makes it possible for authenticated attackers, with administrative...
GHSA-V4VJ-49M5-WJHW Plone vulnerable to unauthorized disclosure of site content
Plone versions 3.3 before 4.3.10 and 5.x before 5.0.5 allow remote attackers to obtain information about the ID of sensitive content via unspecified vectors...
China’s Olympics App Is Horribly Insecure
China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, ha...
Doppler VDP: Stored XSS in [https://dashboard.doppler.com/workplace/*/logs] pages
Summary: I have found a stored XSS vulnerability in the following config setting page. https://dashboard.doppler.com/workplace//projects/example-project/configs/dev/logs When you invite other users to the workspace, the xss could be used to exploit other users also. Steps To Reproduce: 1 . Visit...