
CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

XWiki Change Request is an XWiki application that allows users to request changes on a wiki without publishing the changes directly. Change Request allows editing any page by default, and the changes are then exported in an XML file that anyone can download. An attacker can therefore obtain users' password hashes by performing an edit on user profiles and then downloading the XML file that has been created. The same applies to any document that might contain a password field and that the user can view. This vulnerability impacts all versions of Change Request, but the impact depends on the rights that have been set on the wiki, since exploitation requires the user to have the Change request right (allowed by default) and view rights on the target page. This issue cannot be easily exploited in an automated way. • https://github.com/xwiki-contrib/application-changerequest/commit/ff0f5368ea04f0e4aa7b33821c707dc68a8c5ca8 https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-2fr7-cc7p-p45q https://jira.xwiki.org/browse/CRAPP-302 • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

nodejs-firestore could potentially log the Firestore key: developers who were logging objects through this._settings would log the Firestore key as well, potentially exposing it to anyone with log read access. We recommend upgrading to version 6.1.0 to avoid this issue. • https://github.com/googleapis/nodejs-firestore/pull/1742 • CWE-532: Insertion of Sensitive Information into Log File CWE-922: Insecure Storage of Sensitive Information •

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

Exploitation may lead to information disclosure, session theft, or client-side request forgery. • https://www.dell.com/support/kbdoc/en-us/000220107/dsa-2023-425-security-update-for-dell-powerprotect-data-manager-dm5500-appliance-for-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.4 • EPSS: 0% • CPEs: 11 • EXPL: 0

In GZ, there is a possible information disclosure due to missing data erasure. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/December-2023 •

CVSS: 4.4 • EPSS: 0% • CPEs: 16 • EXPL: 0

This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-125: Out-of-bounds Read •