An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to comm ...
February 6, 2024
Impact Data Validation Detail The parseCompactionRetention function in embed/etcd.go allows the retention variable value to be negative and causes the node to execute the history compaction in a loop, ...
February 6, 2024
Vulnerability type: Cryptography. Workarounds: Refer to the gateway documentation. The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation. Detail: Secu ...
February 6, 2024
Vulnerability type: Logging. Detail: etcd users who have no password can authenticate only through a client certificate. When such users try to authenticate into etcd using the Authenticate endpoint, err ...
February 6, 2024
Vulnerability type: Cryptography. Detail: The list of TLS ciphers supported by etcd by default contains weak ciphers. Workarounds: Provide the desired ciphers using the --cipher-suites flag as described with e ...
February 6, 2024
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API ...
February 6, 2024
Vintage, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw c ...
February 6, 2024
Brandon Rothel from QED Secure Solutions has found that the VAPIX API tcptest.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploi ...
February 6, 2024