79 matches found
SUSE CVE-2024-52290
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the API key name during its generation. An attacker can execute arbitrary scripts in the context of an admin's session by embedding malicious content into the API key name field. This is only exploitable if...
PT-2025-7644 · Leantime · Leantime
Name of the Vulnerable Software and Affected Versions: Leantime affected versions not specified Description: The issue allows stored cross-site scripting XSS in the API key name while generating the API key. Any low-privileged user, such as a manager or editor, can create an API key with an XSS...
CVE-2024-47128
The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...
CVE-2024-41931
The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...
CVE-2024-41931
The CVE-2024-41931 entry concerns goTenna Pro ATAK Plugin where the encryption key name is transmitted in plaintext over RF via a broadcast message. Affected software: goTenna Pro ATAK Plugin (versions 1.9.12 and prior). Root cause: key name is sent unencrypted in broadcast data, enabling potenti...
goTenna Pro 安全漏洞
goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A security vulnerability exists in goTenna Pro that stems from a broadcast key name that is consistently sent in unencrypted form and could disclose the operational...
RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:3441)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3441 advisory. A highly-available key value store for shared configuration Security Fixes: Information discosure via debug function CVE-2021-28235 Key name...
CVE-2023-41160
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
CVE-2023-41160
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
Redis 安全漏洞
Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis versions 7.0.0 through prior to 7.0.12, which stems from a...
etcd key name can be accessed via LeaseTimeToLive API
...
AZL-26666 CVE-2023-32082 affecting package etcd for versions less than 3.5.3-10
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...
CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...
PT-2023-23594 · Etcd +3 · Etcd +3
Name of the Vulnerable Software and Affected Versions: etcd versions prior to 3.4.26 and prior to 3.5.9 Description: The issue is related to insufficient protection of service data in etcd, a distributed key-value store. The LeaseTimeToLive API allows access to key names associated with a lease...
SUSE CVE-2008-1188
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with 1 a long key name in the xml header or 2 a long charset value, different issu...
SUSE CVE-2017-3143
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...
Rdiffweb 安全漏洞
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.5, which stems from a lack of character cleanup in SSH key names...
The vulnerability of the Key/Name component in the PHP software platform pimcore allows a attacker to perform XSS attacks.
The vulnerability of the Key/Name component in the PHP software platform pimcore exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Pimcore 跨站脚本漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...