Lucene search
+L

334 matches found

osv
osv
added 2024/02/09 6:15 p.m.1 views

DEBIAN-CVE-2023-50291

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

7.5CVSS6.8AI score0.03306EPSS
Exploits0References1
prion
prion
added 2024/02/09 6:15 p.m.28 views

Design/Logic Flaw

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

5CVSS7.1AI score0.03306EPSS
Exploits0References2Affected Software1
ubuntucve
ubuntucve
added 2024/02/09 6:15 p.m.37 views

CVE-2023-50291

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

7.5CVSS6.8AI score0.03306EPSS
Exploits0References3
osv
osv
added 2024/02/09 6:15 p.m.2 views

UBUNTU-CVE-2023-50291

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

7.5CVSS6.9AI score0.03306EPSS
Exploits0References4
debiancve
debiancve
added 2024/02/09 5:29 p.m.42 views

CVE-2023-50291

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

7.5CVSS6.9AI score0.03306EPSS
Exploits0
cvelist
cvelist
added 2024/02/09 5:29 p.m.52 views

CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...

7.7AI score0.03306EPSS
Exploits0References2
veracode
veracode
added 2024/01/17 7:0 a.m.33 views

Sensitive Information Exposure

org.apache.solr: solr-core is vulnerable to Sensitive Information Exposure. The vulnerability is caused due to publishing all unprotected environment variables available to each Apache Solr instance thorough Solr Metrics API. An attacker can access Sensitive Information by exploiting this...

6.5CVSS7AI score0.68665EPSS
Exploits0References4Affected Software1
redhatcve
redhatcve
added 2024/01/12 9:31 p.m.115 views

CVE-2023-50290

A flaw was found in Apache Solr. This issue may allow an unauthorized actor access to sensitive information. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the...

6.5CVSS6.2AI score0.68665EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/11/08 12:56 a.m.22 views

CVE-2023-4061 Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...

6.5CVSS6AI score0.00834EPSS
Exploits0References6
cvelist
cvelist
added 2023/11/08 12:56 a.m.53 views

CVE-2023-4061 Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...

6.5CVSS6.5AI score0.00834EPSS
Exploits0References6
cnnvd
cnnvd
added 2023/10/25 12:0 a.m.6 views

Bosch ctrlX HMI Web Panel WR21 Security Vulnerability

Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in Bosch ctrlX HMI Web Panel WR21, which originated from a vulnerability that allows a low-privileged attacker to gain root privileges by modifying critical system properties and exposing the ADB...

7.9CVSS7AI score0.00193EPSS
Exploits0References2
redhat
redhat
added 2023/10/06 7:21 a.m.3 views

wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...

6.5CVSS5.7AI score0.00834EPSS
Exploits0References4
redhat
redhat
added 2023/10/06 3:41 a.m.5 views

wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...

6.5CVSS5.7AI score0.00834EPSS
Exploits0References4
redhat
redhat
added 2023/10/05 8:23 p.m.3 views

wildfly-core: Management User RBAC permission allows unexpected reading of system-properties to an Unauthorized actor

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system...

6.5CVSS5.7AI score0.00834EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/10/04 12:0 a.m.4 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Oct-2023 Release 1 version, which stems from improper access control of system propertie...

5.5CVSS6.7AI score0.00157EPSS
Exploits0References2
prion
prion
added 2023/08/21 7:15 a.m.24 views

Design/Logic Flaw

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

6.4CVSS8.3AI score0.01855EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2023/08/21 6:55 a.m.18 views

CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.4AI score0.01855EPSS
Exploits0References5
cvelist
cvelist
added 2023/08/21 6:55 a.m.43 views

CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.6AI score0.01855EPSS
Exploits0References5
attackerkb
attackerkb
added 2023/05/22 4:15 p.m.4 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.8CVSS5.9AI score0.00932EPSS
Exploits1References2
cvelist
cvelist
added 2023/05/22 12:0 a.m.34 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

9.4AI score0.00932EPSS
Exploits1References1
Rows per page
Query Builder