JAL Information Technology Co., Ltd. Security Vulnerabilities

nessus

Microsoft System Center Configuration Manager Database Information

ConfigMgr stores information such as clients it manages, OS version and software packages installed on the client in a database. Much of this information is exposed through Windows Management Instrumentation (WMI). By querying WMI, information about managed clients can be obtained. This script...

1.8AI Score

2011-02-08 12:00 AM
8
cvelist

CVE-2024-4584 Faraday GM8181/GM828x command_port.ini information disclosure

A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-05-07 11:31 AM
1
osv

Kubernetes client-go vulnerable to Sensitive Information Leak via Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, <...

5.5CVSS

6.1AI Score

0.0004EPSS

2023-02-06 11:27 PM
22
vulnrichment

CVE-2023-50937 IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

5.9CVSS

7.2AI Score

0.001EPSS

2024-02-02 12:10 AM
vulnrichment

CVE-2023-50939 IBM PowerSC information Disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

5.9CVSS

7.2AI Score

0.001EPSS

2024-02-01 11:53 PM
1
ibm

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to insecure cryptographic algorithm and information disclosure due to DB2 JDBC Driver (CVE-2023-47152)

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for...

7.5CVSS

6.2AI Score

0.001EPSS

2024-07-01 03:02 AM
2
openvas

Kaseya VSA Information Disclosure Vulnerability - Active Check

Kaseya VSA is prone to an information disclosure...

6.9AI Score

2017-04-10 12:00 AM
11
cvelist

CVE-2023-50939 IBM PowerSC information Disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

5.9CVSS

7.3AI Score

0.001EPSS

2024-02-01 11:53 PM
nvd

CVE-2024-4584

A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...

5.3CVSS

5AI Score

0.0004EPSS

2024-05-07 12:15 PM
1
nessus

PHP 7.3.x < 7.3.2 Information Disclosure.

According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.2. It is, therefore, affected by: An out-of-bounds read error exists in the dns_get_record function due to improper parsing of DNS responses. An unauthenticated, remote attacker can exploit...

7.5CVSS

8.5AI Score

0.606EPSS

2019-03-11 12:00 AM
22
nessus

VMware Harbor Information Disclosure (CVE-2019-19030)

An information disclosure vulnerability exists in Harbor versions 1.7.x prior to 1.10.3 and 2.x prior to 2.0.1. An unauthenticated, remote attacker can exploit an enumeration flaw to determine what resources...

5.3CVSS

2.1AI Score

0.001EPSS

2021-08-10 12:00 AM
47
github

Kubernetes client-go vulnerable to Sensitive Information Leak via Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, <...

5.5CVSS

6.1AI Score

0.0004EPSS

2023-02-06 11:27 PM
18
openvas

Microsoft SQL Server Information Disclosure Vulnerability (KB4036996)

Microsoft SQL Server is prone to an information disclosure ...

7.5CVSS

7.5AI Score

0.005EPSS

2017-08-09 12:00 AM
41
openvas

Microsoft SQL Server Information Disclosure Vulnerability (KB4019092)

This host is missing an important security update according to Microsoft...

7.5CVSS

7.4AI Score

0.005EPSS

2017-08-09 12:00 AM
122
cve

CVE-2024-4584

A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...

5.3CVSS

6.2AI Score

0.0004EPSS

2024-05-07 12:15 PM
32
openvas

Microsoft XML Editor Information Disclosure Vulnerability (2543893)

This host is missing an important security update according to Microsoft Bulletin...

6.4AI Score

0.009EPSS

2011-06-21 12:00 AM
40
veracode

Sensitive Information Disclosure

github.com/apache/solr-operator is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the operator's mishandling of authentication credentials in log files, which could expose sensitive information such as usernames and...

6.6AI Score

0.0004EPSS

2024-04-16 10:46 AM
6
veracode

Sensitive Information Disclosure

Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information (password) in the log statement. This potentially leads to exposure to sensitive...

6.3AI Score

0.0004EPSS

2024-03-07 11:25 AM
5
nessus

Atlassian Jira 9.13.x < 9.16.0 Information Disclosure

According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....

7AI Score

2024-06-20 12:00 AM
4
openvas

Home Assistant Information Disclosure Vulnerability (Mar 2022)

Home Assistant OS and Home Assistant Supervised are prone to an information disclosure...

7.5CVSS

7.4AI Score

0.003EPSS

2023-06-15 12:00 AM
1
openvas

Microsoft SQL Server Information Disclosure Vulnerability (KB4019091)

Microsoft SQL Server is prone to an information disclosure ...

7.5CVSS

7.5AI Score

0.005EPSS

2017-08-09 12:00 AM
87
nuclei

Symmetricom SyncServer Unauthenticated - Remote Command Execution

Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection...

9.8CVSS

9.9AI Score

0.762EPSS

2023-06-22 05:46 AM
55
veracode

Sensitive Information Disclosure

go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to errors returned from MarshalJSON methods containing user-controlled data, which can break contextual auto-escaping behavior, leading to unexpected content injection into...

7.3AI Score

0.0004EPSS

2024-03-17 05:29 PM
8
github

eZ Publish Information disclosure in backend content tree menu

This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...

6.6AI Score

2024-05-15 09:21 PM
6
openvas

Microsoft SQL Server Information Disclosure Vulnerability (KB4036996)

This host is missing an important security update according to Microsoft...

7.5CVSS

7.4AI Score

0.005EPSS

2017-08-09 12:00 AM
23
openvas

Microsoft ASP.NET Information Disclosure Vulnerability (2418042)

This host is missing a critical security update according to Microsoft Bulletin...

6.3AI Score

0.969EPSS

2010-09-29 12:00 AM
170
openvas

Microsoft Exchange Public Folders Information Leak

Microsoft Exchange Public Folders can be set to allow anonymous connections (set by default). If this is not changed it is possible for an attacker to gain critical information about the users (such as full email address, phone number, etc) that are present in the Exchange...

6.3AI Score

0.015EPSS

2005-11-03 12:00 AM
10
openvas

Microsoft SQL Server Information Disclosure Vulnerability (KB4019091)

This host is missing an important security update according to Microsoft...

7.5CVSS

7.4AI Score

0.005EPSS

2017-08-09 12:00 AM
68
nvd

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

0.001EPSS

2023-11-13 04:15 PM
2
cvelist

4.3CVSS

6.6AI Score

0.006EPSS

2019-08-14 08:55 PM
1
osv

eZ Publish Information disclosure in backend content tree menu

This security advisory fixes an information disclosure vulnerability in the legacy admin content tree menu. If a view has been disabled in site.ini [SiteAccessRules] Rules, and an attacker accesses the backend with the URL to this module, then the tree menu may be displayed. Since the tree menu...

6.6AI Score

2024-05-15 09:21 PM
1
vulnrichment

CVE-2024-4584 Faraday GM8181/GM828x command_port.ini information disclosure

A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-05-07 11:31 AM
veracode

Sensitive Information Disclosure

Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attacker can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher is....

6.7AI Score

0.0004EPSS

2024-03-18 07:08 AM
5
veracode

Sensitive Information Disclosure

go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the client not forwarding sensitive headers such as "Authorization" or "Cookie" when following an HTTP redirect to a domain that is not a subdomain match or exact match of the initial...

6.9AI Score

0.0004EPSS

2024-03-17 03:19 PM
13
nessus

Atlassian Jira 9.5.x < 9.12.8 Information Disclosure

According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....

7AI Score

2024-06-20 12:00 AM
6
nessus

WordPress Pingback File Information Disclosure

The version of WordPress installed on the remote host fails to sanitize the 'sourceURI' before passing it to the 'wp_remote_fopen()' function when processing pingbacks. An unauthenticated, remote attacker can leverage this issue to determine the existence of local files and possibly to view...

6.8AI Score

0.004EPSS

2007-01-25 12:00 AM
23
openvas

'//WEB-INF/' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure...

7.5CVSS

7.4AI Score

0.101EPSS

2021-02-01 12:00 AM
5
vulnrichment

4.3CVSS

6.8AI Score

0.006EPSS

2019-08-14 08:55 PM
veracode

Sensitive Information Exposure

RhodeCode and Kallithea are vulnerable to Sensitive Information Exposure. The vulnerability is due to a lack of admin authentication which allows remote users to obtain API keys and other sensitive information via the get_repo API...

6.9AI Score

0.002EPSS

2024-04-30 11:33 AM
3
cve

CVE-2023-6099

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads....

9.8CVSS

9.5AI Score

0.001EPSS

2023-11-13 04:15 PM
33
osv

BIT-artifactory-2024-2248

A Header Injection vulnerability in the JFrog platform in versions below 7.85.0 (SaaS) and 7.84.7 (Self-Hosted) may allow threat actors to take over the end user's account when clicking on a specially crafted URL sent to the victim’s user...

6.4CVSS

7.1AI Score

0.0004EPSS

2024-05-29 10:40 AM
2
cvelist

5.6CVSS

7.3AI Score

0.001EPSS

2019-08-14 08:55 PM
vulnrichment

5.6CVSS

6.8AI Score

0.001EPSS

2019-08-14 08:55 PM
mscve

5.5CVSS

7.1AI Score

0.001EPSS

2024-06-11 07:00 AM
23
nessus

Atlassian JIRA < 8.6.1 Information Disclosure

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is before 8.6.1. It is, therefore, affected by a missing authorization check that allows an authenticated remote attacker to view release version information in projects that they do not...

4.3CVSS

4.4AI Score

0.001EPSS

2020-03-20 12:00 AM
13
nessus

Movable Type mt.cfg Information Disclosure

The remote host is running Movable Type. The file 'mt.cfg' is publicly accessible, and contains information that should not be...

7.2AI Score

2005-01-14 12:00 AM
14
osv

MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. Impact Disclosure of the...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-13 02:57 PM
5
vulnrichment

CVE-2024-24919 Information disclosure

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is...

8.6CVSS

8.4AI Score

0.945EPSS

2024-05-28 06:22 PM
4
github

OpenStack Glance is vulnerable to Exposure of Sensitive Information

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached...

6.7AI Score

0.003EPSS

2022-05-17 01:36 AM
1
github

OpenStack Oslo utility sensitive information exposure via log files

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the...

6.7AI Score

0.0004EPSS

2022-05-14 01:58 AM
1
Total number of security vulnerabilities: 517888