50 matches found
CVE-2024-8852
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full...
CVE-2024-48789
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process...
CVE-2024-48769
An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process...
CVE-2024-5268
CVE-2024-5268 – Sonos Era 100 SMB2 Handling : The vulnerability affects Sonos Era 100 devices via the SMB2 message handling path, where insufficient validation of user data can cause a read past the end of an allocated buffer, enabling information disclosure for network-adjacent attackers. Authen...
EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode
Description The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
USN-6309-1: Linux kernel vulnerabilities
Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during tableclear operations. A local attacker could use this to cause a denial of service kernel deadlock. CVE-2023-2269 It was discovered that a use-after-free vulnerability existed ...
Cross site request forgery (csrf)
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for...
Security Bulletin: IBM Aspera Faspex 5.0.5 has addressed CVE-2022-4304
Summary This Security Bulletin addresses OpenSSL CVE-2022-4304 where an attacker could obtain sensitve nformation, caused by a timing-based side channel in the RSA Decryption implementation. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...
in mruby/mruby
Description commit 4e8ab145da52c3cfb0bd4b823df8041dcc52f454 Author: Yukihiro "Matz" Matsumoto Date: Tue Feb 8 13:03:51 2022 +0900 Proof of Concept sh $ echo -ne "e30KWyoqMCxtOjBdBHM9MDYudGl0ZXN7My7+////c3slXSN7W11lYWsKYj17fQpbKiowLG06MF3/...
CVE-2020-8561
A flaw was found in Kubernetes. This flaw allows an actor that controls the responses of the MutatingWebhookConfiguration or the ValidatingWebhookConfiguration requests to redirect kube-apiserver requests to the private network of the apiserver. If that user can view kube-apiserver logs when the...
ROS-2-811
2.811 Multiple vulnerabilities in Apache Tomcat CVE-2021-25122, CVE-2021-25329 1. Vulnerability Description: CVE-2021-25122 CVE-2021-25322 CVE-2021-25329 The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to mismanagement of internal...
Exploit for Exposure of Sensitive System Information to an Unauthorized Control Sphere in Microsoft
CVE-2021-31955 Windows Kernel Informati...
in hascheksolutions/opentrashmail
✍️ Description Hi, there is a local file inclusion vulnerability in opentrashmail. In https://github.com/HaschekSolutions/opentrashmail/blob/master/web/api.phpL23 : php ?php define'DS', DIRECTORYSEPARATOR; define'ROOT', dirnameFILE; // $action = strtolower$REQUEST'a'; $email =...
Code injection
HedgeDoc formerly known as CodiMD is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, there fore this exploit requires the attackers ability t...
Design/Logic Flaw
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This...
KLA12070 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Dataverse can be exploited...
Vulnerabilities in OpenSSL affect AIX
IBM SECURITY ADVISORY First Issued: Mon Feb 1 13:42:07 CST 2021 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory32.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory32.asc...
SATO Printers Default Credentials (HTTP)
Multiple SATO printers are shipped with default credentials for the Copyright C 2020 Simmons Foods, Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM WebSphere Cast Iron Solution
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM WebSphere Cast Iron Solution. IBM WebSphere Cast Iron Solution has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerabl...
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000026 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x...