information disclosure vulnerability Archives

Pierluigi Paganini July 25, 2023

VMware addressed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment

VMware fixed an information disclosure flaw in VMware Tanzu Application Service for VMs and Isolation Segment that exposed CF API admin credentials in audit logs. VMware has addressed an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score 6.5), in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment that exposed logged credentials […]

Pierluigi Paganini January 16, 2021

Siemens fixed tens of flaws in Siemens Digital Industries Software products

Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has addressed 18 vulnerabilities affecting some products of Siemens Digital Industries Software which provides product lifecycle management (PLM) solutions. The vulnerabilities affect Siemens JT2Go, a 3D viewing tool for JT data (ISO-standardized 3D data format) and […]

Pierluigi Paganini August 20, 2020

Shared memory flaw in IBM Db2 can lead to Information Disclosure

IBM addressed a shared memory vulnerability in its Db2 data management solutions that could lead to information disclosure. IBM fixed a shared memory vulnerability in its Db2 data management products that can be exploited by malicious local users to access sensitive data. The vulnerability, which is tracked as CVE-2020-4414, was discovered by researchers from Trustwave, it […]

Pierluigi Paganini May 11, 2020

Experts disclose security flaws in Oracle’s iPlanet Web Server

Researchers discovered a set of issues impacting Oracle’s iPlanet Web Server that could result in sensitive data exposure and limited injection attacks. Researchers discovered two security flaws impacting Oracle’s iPlanet Web Server, tracked as CVE-2020-9315 and CVE-2020-9314, that could cause sensitive data exposure and limited injection attacks. The flaws have been discovered by experts at Nightwatch […]

Pierluigi Paganini April 10, 2020

CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server

VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 […]

Pierluigi Paganini January 03, 2020

Remote Command Execution and Information disclosure flaws affect dozens of D-Link routers

Experts disclosed PoC exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. Security researchers Miguel Méndez Zúñiga and Pablo Pollanco from Telefónica Chile recently published Proof-of-concept (PoC) exploits for remote command execution and information disclosure vulnerabilities affecting many D-Link routers. The security duo published on Medium the technical details of the […]

Pierluigi Paganini January 01, 2020

Expert finds Starbucks API Key exposed online

Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The development team at Starbucks left exposed an API key that could be used by an attacker to access company internal systems and manipulate the list of authorized users. […]

Pierluigi Paganini October 14, 2019

Talos experts found 11 flaws in Schneider Electric Modicon Controllers

Cisco Talos experts discovered nearly a dozen flaws affecting some of the models of Schneider Electric’s Modicon programmable logic controllers. Talos experts discovered 11 security flaws affecting some models of Schneider Electric’s Modicon programmable logic controllers. Affected models are Modicon M580, M340, BMENOC 0311, BMENOC 0321, Quantum, Premium, and Modicon BMxCRA and 140CRA. The unique […]

Pierluigi Paganini January 18, 2019

Twitter fixed a bug in its Android App that exposed Protected Tweets

A bug in the Twitter app for Android may have had exposed tweets, the social media platform revealed on Thursday. The bug in the Android Twitter app affects the “Protect my Tweets” option from the account’s “Privacy and safety” settings that allows viewing user’s posts only to approved followers. People who used the Twitter app […]

Pierluigi Paganini November 14, 2018

Adobe Patch Tuesday updates for November 2018 fix known Acrobat flaw

Adobe Patch Tuesday updates for November 2018 addresses three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. Adobe Patch Tuesday updates for November 2018 fixes three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. The most severe issue is an information disclosure vulnerability, tracked as CVE-2018-15979, due to the availability of the proof-of-concept […]