334 matches found
RHEL 6 : tomcat5 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: security manager bypass via IntrospectHelper utility function CVE-2016-5018 - The Realm...
Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.5and8.0.37security-8 advisory. - The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4,...
CVE-2023-38302
A certain software build for the Sharp Rouvo V device SHARP/VZWSTTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN00530:user/release-keys leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special...
CVE-2023-38300
A certain software build for the Orbic Maui device Orbic/RC545L/RC545L:10/ORB545LV1.4.2BVZPP/230106:user/release-keys leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party...
vendor.gsm.serial 安全漏洞
vendor.gsm.serial is a component. A security vulnerability exists in vendor.gsm.serial, which originates from a security issue in a third-party component related to vendor.gsm.serial that ships with the device, and can disclose the device serial number to system properties. The following products...
CVE-2023-38302
A certain software build for the Sharp Rouvo V device SHARP/VZWSTTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN00530:user/release-keys leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special...
CVE-2023-38300
A certain software build for the Orbic Maui device Orbic/RC545L/RC545L:10/ORB545LV1.4.2BVZPP/230106:user/release-keys leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party...
CVE-2023-38302
A certain software build for the Sharp Rouvo V device SHARP/VZWSTTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN00530:user/release-keys leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special...
CVE-2023-38302
CVE-2023-38302 affects a Sharp Rouvo V device build (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys). The vulnerability arises because the device leaks the Wi‑Fi MAC address and the Bluetooth MAC address to system properties that any local app can access without p...
CVE-2023-38300
CVE-2023-38300 affects the Orbic Maui device (Orbic/RC545L/RC545L:10/ORB545L_V1.4.2_BVZPP/230106:user/release-keys). A high-privilege process leaks non-resettable identifiers by exposing IMEI via persist.sys.verizon_test_plan_imei and ICCID via persist.sys.verizon_test_plan_iccid to system proper...
PT-2024-12705 · Orbic · Orbic Maui
Name of the Vulnerable Software and Affected Versions: Orbic Maui device version ORB545L V1.4.2 BVZPP Description: A certain software build for the Orbic Maui device leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or...
TCL 安全漏洞
Tcl is a freely available open source package. It provides a powerful platform for creating integrated applications that tie together various applications, protocols, devices and frameworks. A security vulnerability exists in the TCL 30Z, A3X, 20XE, and 10L, which stems from the fact that certain...
CVE-2023-38300
A certain software build for the Orbic Maui device Orbic/RC545L/RC545L:10/ORB545LV1.4.2BVZPP/230106:user/release-keys leaks the IMEI and the ICCID to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party...
[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40
The Commons Configuration software library provides a generic configuration interface which enables a Java application to read configuration data from a variety of sources. Commons Configuration provides typed access to single, and multi-valued configuration parameters as demonstrated by the...
Fedora: Security Advisory for apache-commons-lang3 (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: apache-commons-lang3-3.14.0-5.fc40
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. The Commons Lang Component provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical...
BIT-SOLR-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...
Insufficiently Protected Credentials
Apache Solr is vulnerable to Insufficiently Protected Credentials. The vulnerability is caused due to system property redaction logic inconsistencies. This allows an attacker to access sensitive system properties, including credentials such as passwords or secret keys...
CVE-2023-50291
A flaw was found in Apache Solr. The /admin/info/properties endpoint, which publishes the Solr process' Java system properties, is only setup to hide system properties that have "password" contained in the name. There are a number of sensitive system properties, such as "basicauth" and...
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties...