
28 matches found

SUSE CVE
added 2026/03/28 12:26 a.m. | 2 views

SUSE CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

CVSS 6.6 | AI score 5.9 | EPSS 0.0006
Exploits: 1 | References: 3
EUVD
added 2026/03/19 5:43 p.m. | 1 views

EUVD-2026-12823

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets...

CVSS 6.6 | AI score 5.8 | EPSS 0.0006
Exploits: 1 | References: 3
OSV
added 2026/03/18 2:16 p.m. | 2 views

CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

CVSS 6.6 | AI score 5.9
Exploits: 0 | References: 1
Cvelist
added 2026/03/18 12:55 p.m. | 22 views

CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

CVSS 6.6 | EPSS 0.0006
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/18 12:55 p.m. | 0 views

CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

CVSS 6.6 | AI score 5.8 | EPSS 0.0006
Exploits: 1 | References: 1
Cvelist
added 2026/02/17 5:13 p.m. | 20 views

CVE-2025-36425 IBM Db2 Information Disclosure

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...

CVSS 5.3 | EPSS 0.0004
Exploits: 0 | References: 1
CNNVD
added 2025/01/15 12:00 a.m. | 3 views

Genivia gSOAP Security Vulnerability

Genivia gSOAP is a C/C++ software development kit with automatic coding from Genivia, Inc. A security vulnerability exists in Genivia gSOAP, which originates from a denial of service due to a high CPU load caused by an unauthenticated, remote attacker forcing the parsing of XML with duplicate ID...

CVSS 7.5 | AI score 7.3 | EPSS 0.00186
Exploits: 0 | References: 2
NVD
added 2024/09/18 8:15 a.m. | 10 views

CVE-2024-46755

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id(). mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointe...

CVSS 5.5 | EPSS 0.00011
Exploits: 0 | References: 10
OSV
added 2024/05/08 5:50 p.m. | 12 views

GHSA-F3H7-GPJJ-WCVH Spin applications with specific configuration vulnerable to potential network sandbox escape

Impact: Some specifically configured Spin applications that use self requests without a specified URL authority can be induced to make requests to arbitrary hosts via the Host HTTP header. If an application's manifest contains a component with configuration such as (TOML) allowed_outbound_hosts =...

CVSS 9.1 | AI score 9.3 | EPSS 0.00188
Exploits: 0 | References: 4
Kitploit
added 2024/02/01 11:30 a.m. | 20 views

Sncscan - Tool For Analyzing SAP Secure Network Communications (SNC)

Tool for analyzing SAP Secure Network Communications (SNC). How to use? In its current state, sncscan can be used to read the SNC configurations for SAP Router and DIAG SAP GUI connections. The implementation for the SAP RFC protocol is currently in development. SAP Router: SAP Routers can either...

AI score 7.3
Exploits: 0 | References: 2
Tenable Nessus
added 2023/11/09 12:00 a.m. | 22 views

Fedora 37 : xorg-x11-server (2023-f111d2f306)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f111d2f306 advisory. Security fix for CVE-2023-5367, CVE-2023-5380. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS 7.8 | AI score 6.5 | EPSS 0.00075
Exploits: 0 | References: 3
Prion
added 2023/10/25 8:15 p.m. | 13 views

Double free

A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be...

CVSS 3.5 | AI score 6.8 | EPSS 0.00035
Exploits: 0 | References: 4 | Affected Software: 2
Positive Technologies
added 2023/10/25 12:00 a.m. | 1 views

PT-2023-25882 · Ping Identity · Pingfederate Identifier First Adapter

Name of the Vulnerable Software and Affected Versions: PingFederate Identifier First Adapter (affected versions not specified). Description: The issue allows for authentication bypass under a very specific and highly unrecommended configuration in the PingFederate Identifier First Adapter...

CVSS 9.8 | AI score 9.5 | EPSS 0.0005
Exploits: 0 | References: 7
Veeam
added 2023/06/07 12:00 a.m. | 13 views

The Console Does Not Appear After Being Launched

Challenge: After launching the Veeam Backup & Replication Console, the splash screen appears, and the application is shown in the taskbar, but the Console does not appear, and the mouseover preview is blank. Cause: The Console's window position is off the edge of the screen. When the Veeam Backup &...

AI score 6.7
Exploits: 0 | Affected Software: 1
OSV
added 2022/10/21 6:15 p.m. | 0 views

CVE-2022-26870

Dell PowerStore versions 2.1.0.x contain an Authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability under specific configuration. An attacker would gain unauthorized access upon successful exploit...

CVSS 9.8 | AI score 5.8 | EPSS 0.02071
Exploits: 0 | References: 1
CNNVD
added 2022/07/12 12:00 a.m. | 3 views

Siemens Mendix Applications using Mendix 9 Injection Vulnerability

Mendix is a high-productivity application platform that enables the building and continuous improvement of mobile and web applications at scale. Siemens Mendix is vulnerable to an expression injection vulnerability that could be exploited by an attacker to compromise sensitive information in a...

CVSS 6.5 | AI score 5.6 | EPSS 0.00707
Exploits: 0 | References: 4
OSV
added 2021/01/05 3:15 p.m. | 0 views

CVE-2020-35488

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslo...

CVSS 7.5 | AI score 7.2 | EPSS 0.19392
Exploits: 3 | References: 2
Cvelist
added 2021/01/05 2:03 p.m. | 14 views

CVE-2020-35488

The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslo...

AI score 7.2 | EPSS 0.19392
Exploits: 3 | References: 2
Prion
added 2020/08/21 3:15 a.m. | 5 views

Design/Logic Flaw

voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuratio...

CVSS 6.9 | AI score 7.7 | EPSS 0.00134
Exploits: 1 | References: 2 | Affected Software: 1
OpenVAS
added 2020/02/04 12:00 a.m. | 20 views

Linux: Read /etc/login.defs (KB)

The /etc/login.defs file defines the site-specific configuration for the shadow password suite. This file is required. Absence of this file will not prevent system operation, but will probably result in undesirable operation. Note: This script only stores information for other Policy Controls...

AI score 7
Exploits: 0 | References: 1