CWE-419

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior to 1.2.6. The admin interface can be used to terminate the Envoy process and extract the Envoy configuration (possibly containing confidential data). Version 1.2.6 fixes the issue. As a workaround, the `EnvoyProxy` API can be used to apply a bootstrap config patch that restricts access strictly to the prometheus stats endpoint. Find below an example of such a bootstrap patch.

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.

The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges.

TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected App.

Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device will not be acknowledged by the controller. This vulnerability exists in PC Controller v5.54.0, and earlier.