6 matches found
GHSA-4766-X535-JW3R kgateway is missing xDS authorization
Summary The xDS interface in Kgateway versions 2.0.0 through 2.0.4 lacks authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster...
PT-2024-27943 · Ibm · Ibm Storage Defender - Resiliency Service
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service versions 2.0.0 through 2.0.4 Description: The issue is related to an agent username and password error response discrepancy, which exposes the product to brute force enumeration. Recommendations: For...
be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.1.RELEASE), be.personify.iam:personify-frontend (=1.5.1.RELEASE) +51 more potentially affected by CVE-2023-34036 via org.springframework.hateoas:spring-hateoas (>=2.0.0 <=2.0.4)
org.springframework.hateoas:spring-hateoas MAVEN version =2.0.0, =1.5.0.RELEASE, =1.5.0.RELEASE, =0.2.6, =1.6.9, =1.0, =1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.0, =2.0.4 - com.wizzdi:FlexiCore =7.0.0 and more Source cves: CVE-2023-34036 Source advisory: OSV:GHSA-7M5C-FGWF-MWPH...
Converse.js User Simulation Vulnerability
Converse.js is a free, open source XMPP chat client that runs in your browser. A security vulnerability exists in versions 0.8.0 through 1.0.6 and 2.0.0 through 2.0.4 of Converse.js due to the program's failure to properly implement "XEP-0280: Message Carbons". A remote attacker could exploit thi...
Wireshark RLC Dissector Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A remote denial of service vulnerability exists in Wireshark versions 2.0.0 to 2.0.4 and...
PT-2012-1848 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.0 through 2.0.4 Moodle versions 2.1.0 through 2.1.1 Description: The file browser component does not properly restrict access to category and course data, allowing remote attackers to obtain potentially sensitive informati...