CVE-2025-14267

Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7...

org.eclipse.tractusx.edc:data-encryption (=0.6.0), org.eclipse.tractusx.edc:edc-controlplane (=0.6.0) +5 more potentially affected by CVE-2024-8642 via org.eclipse.edc:transfer-data-plane (=0.5.1)

org.eclipse.edc:transfer-data-plane MAVEN version =0.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.edc:transfer-data-plane and may be impacted: - org.eclipse.tractusx.edc:data-encryption =0.6.0 -...

Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

CVE-2024-8642

In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...

CVE-2024-8642

CVE-2024-8642 affects Eclipse Dataspace Components: versions 0.5.0 up to before 0.9.0 suffer from a missing token validity check in ConsumerPullTransferTokenValidationApiController (expiry, not-before, issuance date). This can enable bypass of token expiration protections when a dataplane is conf...

PT-2024-7968 · Eclipse · Eclipse Dataspace Components

Name of the Vulnerable Software and Affected Versions: Eclipse Dataspace Components versions 0.5.0 through 0.9.0 Description: The issue is related to the ConsumerPullTransferTokenValidationApiController component, which has inadequate authentication procedures. This allows a remote attacker to...

virglrenderer 缓冲区错误漏洞

virglrenderer is a VirGL virtual OpenGL renderer. A buffer error vulnerability exists in Virglrenderer that stems from a failure of the product's readtransferdata function to properly handle memory boundaries. An attacker could use this vulnerability to trigger a denial of service and possibly ru...

Yubico-Piv Buffer Overflow Vulnerability

Yubico-Piv is a tool for interacting with YubiKey's Identity Card PIV application. A buffer overflow vulnerability exists in the 'ykpivtransferdata' function in the lib/ykpiv.c file in Yubico-Piv version 1.5.0, which stems from the program's lack of an error handling mechanism. The vulnerability...

Disguised as Citrix Utility, Kedi RAT Exploits Gmail to Transfer Data

By Uzair Amir A Remote Access Trojan RAT is one of the most used This is a post from HackRead.com Read the original post: Disguised as Citrix Utility, Kedi RAT Exploits Gmail to Transfer Data...

Knot DNS Denial of Service Vulnerability

Knot DNS is a high-performance DNS server developed by the Czech Network Information Center CZ.NIC that supports all the key features of the DNS system, such as zone switching, dynamic updates and DNS Security Extensions DNSSEC. A denial of service vulnerability exists in the Knot DNS server that...

DEBIAN-CVE-2007-2318

Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in 1 FTP server responses or 2 data sent by an FTP server. NOTE: some of these details are obtained from third party information...