InfoSec News & Tutorials
NAME__________MCUBO ICT information disclosurePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________MCUBO ICT could allow a remote attacker to obtain sensitive information, caused by an observable response discrepancy. By sending multiple requests, an attacker…
NAME__________Apple macOS Ventura, iOS and iPadOS information disclosurePlatforms Affected:Apple macOS Ventura 13.2 Apple iOS 16.3 Apple iPadOS 16.3Risk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Ventura, iOS and iPadOS could allow a local…
NAME__________GitLab information disclosurePlatforms Affected:Risk Level:5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GitLab could allow a remote authenticated attacker to obtain sensitive information, caused by the leak of authorization headers in the DAST API scanner. By…
NAME__________Apple Xcode information disclosurePlatforms Affected:Apple Xcode 14.2Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple Xcode could allow a local attacker to obtain sensitive information, caused by an issue in the Dev Tools component. By…
NAME__________Samba security bypassPlatforms Affected:Samba Samba 4.17.0 Samba Samba 4.18.0Risk Level:5.4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Samba could allow a remote authenticated attacker to bypass security restrictions, caused by an incomplete access check on dnsHostName.…
NAME__________Vira-Investing Investment Tracking System information disclosurePlatforms Affected:Risk Level:5.8Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Vira-Investing Investment Tracking System could allow a remote attacker to obtain sensitive information, caused by improper protection for outbound error messages…
NAME__________Samba information disclosurePlatforms Affected:Samba Samba 4.1.1 Samba Samba 4.1.0 Samba Samba 4.0.9 Samba Samba 4.0.8 Samba Samba 4.0.7 Samba Samba 4.0.6 Samba Samba 4.0.5 Samba Samba 4.0.4 Samba Samba 4.0.2…
NAME__________Samba information disclosurePlatforms Affected:Samba Samba 4.1.1 Samba Samba 4.1.0 Samba Samba 4.0.9 Samba Samba 4.0.8 Samba Samba 4.0.7 Samba Samba 4.0.6 Samba Samba 4.0.5 Samba Samba 4.0.4 Samba Samba 4.0.2…
NAME__________Nextcloud Server and Nextcloud Enterprise Server information disclosurePlatforms Affected:Nextcloud Nextcloud Server 24.0.9 Nextcloud Nextcloud Server 25.0.3 Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Server 24.0.0 Nextcloud Nextcloud Enterprise Server 23.0.0 Nextcloud…
NAME__________Apple macOS Ventura, iOS and iPadOS information disclosurePlatforms Affected:Apple macOS Ventura 13.2 Apple iOS 16.3 Apple iPadOS 16.3Risk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Ventura, iOS and iPadOS could allow a local…
NAME__________Rocket Software UniData and UniVerse information disclosurePlatforms Affected:Rocket Software UniData 8.2.4 Rocket Software UniVerse 11.3.5 Rocket Software UniVerse 12.2.1Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Rocket Software UniData and UniVerse could allow a remote…
NAME__________F5 NGINX Ingress Controller information disclosurePlatforms Affected:F5 NGINX Agent 2.23.2Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________F5 NGINX Ingress Controller could allow a remote authenticated attacker to obtain sensitive information, caused by inserting sensitive…
NAME__________JetBrains IntelliJ IDEA information disclosurePlatforms Affected:Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________JetBrains IntelliJ IDEA could allow a local attacker to obtain sensitive information. By using an external stylesheet path in Markdown preview, attacker…
NAME__________JetBrains IntelliJ IDEA information disclosurePlatforms Affected:Risk Level:6.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________JetBrains IntelliJ IDEA could allow a remote attacker to obtain sensitive information, caused by a insufficiently-protected credentials in an API method used…
NAME__________HashiCorp Vault and Vault Enterprise information disclosurePlatforms Affected:HashiCorp Vault Enterprise 1.11.8 HashiCorp Vault 1.11.8 HashiCorp Vault Enterprise 1.12.4 HashiCorp Vault 1.12.4 HashiCorp Vault 1.13.0 HashiCorp Vault Enterprise 1.13.0Risk Level:5Exploitability:UnprovenConsequences:Obtain Information…
NAME__________OpenImageIO Project OpenImageIO information disclosurePlatforms Affected:OpenImageIO OpenImageIO 2.4.7.1Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________OpenImageIO Project OpenImageIO could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the…
NAME__________OpenImageIO Project OpenImageIO information disclosurePlatforms Affected:OpenImageIO OpenImageIO 2.4.7.1Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________OpenImageIO Project OpenImageIO could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the…
NAME__________GoCD information disclosurePlatforms Affected:GoCD GoCD 22.3.0Risk Level:4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________GoCD could allow a local authenticated attacker to obtain sensitive information, caused by a flaw when the server environment is not correctly…
NAME__________Apple macOS Ventura, iOS and iPadOS information disclosurePlatforms Affected:Apple macOS Ventura 13.2 Apple iOS 16.3 Apple iPadOS 16.3Risk Level:6.2Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Apple macOS Ventura, iOS and iPadOS could allow a local…
NAME__________XunRuiCMS information disclosurePlatforms Affected:Risk Level:4.3Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________XunRuiCMS could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the /config/myfield/test.php script. An attacker could…
NAME__________XunRuiCMS information disclosurePlatforms Affected:Risk Level:4.3Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________XunRuiCMS could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the /dayrui/Fcms/View/system_log.html script. An attacker could…
NAME__________Veracode Scan Jenkins Plugin information disclosurePlatforms Affected:Veracode Veracode Scan Jenkins Plugin 20.6.10.0Risk Level:4.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Veracode Scan Jenkins Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by…
NAME__________Veracode Scan Jenkins Plugin information disclosurePlatforms Affected:Veracode Veracode Scan Jenkins Plugin 20.6.10.0Risk Level:3.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Veracode Scan Jenkins Plugin could allow a local authenticated attacker to obtain sensitive information, caused by…
NAME__________XunRuiCMS information disclosurePlatforms Affected:Risk Level:4.3Exploitability:Proof of ConceptConsequences:Obtain Information DESCRIPTION__________XunRuiCMS could allow a remote authenticated attacker to obtain sensitive information, caused by a direct request in the /dayrui/My/Config/Install.txt script. An attacker…