3357 matches found
CVE-2022-4311
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation ...
PT-2022-7096 · Pcvue · Pcvue
Name of the Vulnerable Software and Affected Versions: PcVue versions 15 through 15.2.2 Description: An issue exists where sensitive information is inserted into log files, potentially allowing users with access to these logs to discover connection strings of data sources configured for the...
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2022-2809)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2022 : unzip (ALAS2022-2022-221)
The version of unzip installed on the remote host is prior to 6.0-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-221 advisory. - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null...
EulerOS 2.0 SP8 : unzip (EulerOS-SA-2022-2809)
According to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. Thi...
USN-5686-1: Git vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. CVE-2022-39253 Kevin Backhouse discovered that Git...
Authorization
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the processpolylangthemetranslationwploaded function. This makes it possible for unauthenticated attackers to update plugin and theme...
CVE-2022-3850
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack...
PT-2022-26027 · WordPress · Polylang
Name of the Vulnerable Software and Affected Versions: Polylang versions up to, and including, 3.2.16 Description: The Theme and plugin translation for Polylang is vulnerable to authorization bypass due to missing capability checks in the process polylang theme translation wp loaded function. Thi...
PT-2022-17038
Name of the Vulnerable Software and Affected Versions qs versions prior to 6.10.3 Express versions prior to 4.17.3 Description The issue allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the convertstrings function in tinfo/readentry.c, which allows attackers to crash the service when processing corrupt terminfo data. Remediation Upgrade ncurses to version 6.3 or higher. References - GitHub Commit ...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Insecure Random Number Generator
phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists because of the insecure mtrand random number generator function in the loginWithCookieData function of User.php, allowing an attacker to guess the strings it generates...