SAISON INFORMATION SYSTEMS CO.,LTD. Security Vulnerabilities

Sensitive Information Disclosure

github.com/rancher/rancher is vulnerable to Sensitive Information Disclosure. The vulnerability is due to constantly reconciling clusters when secrets encryption configuration is enabled, causing Kube API secret values to be written in plaintext on the AppliedSpec. An attacker can gain access to...

Sensitive Information Disclosure

@lobehub/chat is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure handling of the base URL in the frontend, allowing an attacker to modify it to their own attack URL. The attacker can then set up a server-side request to obtain the real backend API...

Sensitive Information Exposure

h2o is vulnerable to Sensitive Information Exposure. The vulnerability is due the Typeahead API call which allows an attacker to lookup arbitrary system paths in the entire file system where h2o-3 is...

CVE-2022-38975

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted...

Sensitive Information Disclosure

netty-incubator-codec-ohttp is vulnerable to Sensitive Information Disclosure. The vulnerability due to an error in the BoringSSLAEADContext which results the encryption nonce overflowing. An attacker can manipulate the nonce repetition by causing the sequence number to overflow, which decreases...

Information Disclosure

TYPO3/CMS is vulnerable to Information Disclosure. This vulnerability arises from insufficient validation and handling of uploaded files within forms. It may result in arbitrary file disclosure or unauthorized access to sensitive system...

Sensitive Information Disclosure

keycloak-services is vulnerable to Sensitive Information Disclosure. The vulnerability is due to client-provided parameters included in plain text within the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization...

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure The vulnerability is due to improper session termination, where session data of authenticated users is transformed into an anonymous user session during the logout process, allowing subsequent users of the same client application to access...

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to Inline JavaScript settings within the RequireJS package, which allows an attacker to retrieve additional information about the installed system and third-party...

Sensitive Information Disclosure

topthink/framework is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper handling of error messages, which can reveal the PHPSESSION cookie through debug error output source code when a crafted URI is used in a GET...

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to backend users without read access being able to see specific pages in the page...

SonarQube logs sensitive information

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to login failures being logged at the "warning" level instead of the "debug" level, which exposes plain text credential...

Sensitive Information Disclosure

GnuTLS is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exploiting deterministic behavior in systems like GnuTLS, particularly when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, which can lead to a noticeable step in nonce size from 513 to 512 bits, exposing a...

Sensitive Information Disclosure

github.com/kubernetes-sigs/azurefile-csi-driver is vulnerable to Sensitive Information Disclosure. This vulnerability is due to tokens being logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag, which allows an...

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper permission checks on the element information component, which displays properties of a certain record without verifying the backend user’s...

MinIO information disclosure vulnerability

Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...

Sensitive Information Disclosure

jupyter_server is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper path validation, which allows unauthenticated attackers to leak the NTLMv2 password hash of the Windows user running the...

EyouCms v1.6.3 - Information Disclosure

EyouCms v1.6.3 was discovered to contain an information disclosure vulnerability via the component...

SonarQube logs sensitive information

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...

Microweber Information Disclosure

Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to...

Information Disclosure

simplesamlphp/simplesamlphp is vulnerable to Information Disclosure. The vulnerability is due to insufficient access controls on the admin interface endpoint, allowing unauthenticated users to view sensitive information about the host where SimpleSAMLphp is...

XWiki < 4.10.15 - Information Disclosure

The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected...

Sensitive Information Disclosure

ethyca_fides is vulnerable to Information Disclosure. The vulnerability is due to improper masking of nested sensitive fields such as private_key in the BigQuery connection configuration, which allows an attacker to expose the sensitive fields in plaintext via certain API...

Sensitive Information Exposure

chainguard.dev/apko is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper redaction of sensitive information within error log output, where HTTP basic auth credentials from repository and keyring URLs are exposed, which allows an attacker with access to logs to...

Sensitive Information Disclosure

Kimai is Sensitive Information Disclosure. The vulnerability is caused by manipulating of the PHPSESSIONID argument in the Session Handler component, which results in the sensitive...

Information Disclosure

silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to password fields reflecting submitted data, which inadvertently exposes users to potential security risks by displaying sensitive...

Sensitive Information Disclosure

typo3/cms-core is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the Install Tool exposing the current TYPO3 version number to non-authenticated...

Information Disclosure

silverstripe/framework is vulnerable to Information Disclosure. The vulnerability is due to inconsistent handling of login attempts for non-existent users. This allows attackers to discern valid user accounts and enumerate valid user accounts by observing differences in error messages or...

Information Disclosure

github.com/dapr/dapr is vulnerable to Information Disclosure. The vulnerability is caused due to the gRPC proxy sending the invoker app's token instead of the invoked app's token. This allows an attacker to gain access to the invoker app's token, compromising security and authentication...

Information Disclosure

github.com/huandu/facebook is vulnerable to an Information Disclosure vulnerability. The vulnerability is due to the access_token being exposed in error messages upon failing HTTP requests, which could allow an attacker with log access to obtain sensitive access tokens by exploiting error messages....

Sensitive Information Disclosure

Symfony is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the FragmentHandler considering all fragment render requests as coming from a trusted source, regardless of their origin, due to the inability to distinguish between legitimate ESI requests by a trusted proxy...

Information Disclosure

mltable is vulnerable to Information Disclosure. An attacker could exploit this vulnerability to disclose training...

Information Disclosure

PowerShell is vulnerable to Information Disclosure. The vulnerability is due to the PowerShell Web cmdlets, which allows an attacker to exfiltrate sensitive information from a targeted...

CVE-2020-27583

IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the...

Information Disclosure

azure_cli, is vulnerable to Information Disclosure. The vulnerability exists due to sensitive information thats exposed in log files, allowing an attacker to recover plaintext passwords and usernames from log...

XWiki < 4.10.15 - Sensitive Information Disclosure

XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...

ZK Framework - Information Disclosure

ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute...

Autoptimize < 3.1.0 - Information Disclosure

The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and...

KubeView <=0.1.31 - Information Disclosure

KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby...

Free5gc 3.2.1 - Information Disclosure

Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

Jenkins <=2.218 - Information Disclosure

Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized...

JumpServer > 3.6.4 - Information Disclosure

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

Lost And Found Information System 1.0 SQL Injection

...

Laravel <5.5.21 - Information Disclosure

Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in...

ThinkPHP 5.0.24 - Information Disclosure

ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing...

Microweber <1.2.11 - Information Disclosure

Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or...

Jira <8.4.0 - Information Disclosure

Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized...

Splunk <=7.0.1 - Information Disclosure

Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

KeePass 2.X Master Password Dumper...