Lucene search
+L

79 matches found

susecve
susecve
added 2025/05/21 12:53 a.m.4 views

SUSE CVE-2024-52290

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

5.4CVSS6.2AI score0.00242EPSS
Exploits1References3
snyk
snyk
added 2025/02/21 10:48 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the API key name during its generation. An attacker can execute arbitrary scripts in the context of an admin's session by embedding malicious content into the API key name field. This is only exploitable if...

4.8CVSS5.5AI score
Exploits0References2
ptsecurity
ptsecurity
added 2025/02/21 12:0 a.m.2 views

PT-2025-7644 · Leantime · Leantime

Name of the Vulnerable Software and Affected Versions: Leantime affected versions not specified Description: The issue allows stored cross-site scripting XSS in the API key name while generating the API key. Any low-privileged user, such as a manager or editor, can create an API key with an XSS...

7.6CVSS5.3AI score
Exploits0References3
osv
osv
added 2024/09/26 6:15 p.m.3 views

CVE-2024-47128

The goTenna Pro App encryption key name is always sent unencrypted when the key is shared over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...

4.3CVSS5.8AI score0.00131EPSS
Exploits0References1
osv
osv
added 2024/09/26 6:15 p.m.4 views

CVE-2024-41931

The goTenna Pro ATAK Plugin encryption key name is always sent unencrypted when the key is sent over RF through a broadcast message. It is advised to share the encryption key via local QR for higher security operations...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References1
cve
cve
added 2024/09/26 5:42 p.m.60 views

CVE-2024-41931

The CVE-2024-41931 entry concerns goTenna Pro ATAK Plugin where the encryption key name is transmitted in plaintext over RF via a broadcast message. Affected software: goTenna Pro ATAK Plugin (versions 1.9.12 and prior). Root cause: key name is sent unencrypted in broadcast data, enabling potenti...

5.3CVSS4.8AI score0.00141EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/09/26 12:0 a.m.5 views

goTenna Pro 安全漏洞

goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A security vulnerability exists in goTenna Pro that stems from a broadcast key name that is consistently sent in unencrypted form and could disclose the operational...

5.3CVSS6.7AI score0.00131EPSS
Exploits0References2
nessus
nessus
added 2024/04/28 12:0 a.m.31 views

RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:3441)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3441 advisory. A highly-available key value store for shared configuration Security Fixes: Information discosure via debug function CVE-2021-28235 Key name...

9.8CVSS6.8AI score0.01605EPSS
Exploits0References6
nvd
nvd
added 2023/09/14 9:15 p.m.37 views

CVE-2023-41160

A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...

5.4CVSS5.2AI score0.00475EPSS
Exploits1References2
osv
osv
added 2023/09/14 12:0 a.m.29 views

CVE-2023-41160

A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...

5.4CVSS5.6AI score0.00475EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/07/11 12:0 a.m.9 views

Redis 安全漏洞

Redis Labs Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis Labs, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis versions 7.0.0 through prior to 7.0.12, which stems from a...

8.8CVSS7.5AI score0.77422EPSS
Exploits0References8
mscve
mscve
added 2023/05/15 7:0 a.m.9 views

etcd key name can be accessed via LeaseTimeToLive API

...

4.3CVSS6.7AI score0.00744EPSS
Exploits0
osv
osv
added 2023/05/11 8:15 p.m.5 views

AZL-26666 CVE-2023-32082 affecting package etcd for versions less than 3.5.3-10

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

4.3CVSS6.6AI score0.00744EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/05/11 7:22 p.m.10 views

CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names not value associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

3.1CVSS6.9AI score0.00744EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/05/11 12:0 a.m.3 views

PT-2023-23594 · Etcd +3 · Etcd +3

Name of the Vulnerable Software and Affected Versions: etcd versions prior to 3.4.26 and prior to 3.5.9 Description: The issue is related to insufficient protection of service data in etcd, a distributed key-value store. The LeaseTimeToLive API allows access to key names associated with a lease...

9.8CVSS6.9AI score0.01605EPSS
Exploits0References31
susecve
susecve
added 2023/02/15 6:9 a.m.4 views

SUSE CVE-2008-1188

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with 1 a long key name in the xml header or 2 a long charset value, different issu...

9.3CVSS8.2AI score0.1248EPSS
Exploits0References7
susecve
susecve
added 2023/02/15 4:52 a.m.3 views

SUSE CVE-2017-3143

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...

7.5CVSS6.8AI score0.18157EPSS
Exploits1References10
cnnvd
cnnvd
added 2022/12/27 12:0 a.m.5 views

Rdiffweb 安全漏洞

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A security vulnerability exists in Rdiffweb versions prior to 2.5.5, which stems from a lack of character cleanup in SSH key names...

6.6CVSS6.2AI score0.00485EPSS
Exploits1References3
bdu_fstec
bdu_fstec
added 2022/08/26 12:0 a.m.5 views

The vulnerability of the Key/Name component in the PHP software platform pimcore allows a attacker to perform XSS attacks.

The vulnerability of the Key/Name component in the PHP software platform pimcore exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS6.1AI score0.01451EPSS
Exploits1References3Affected Software1
cnnvd
cnnvd
added 2022/08/23 12:0 a.m.4 views

Pimcore 跨站脚本漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...

6.7CVSS5.2AI score0.01451EPSS
Exploits1References3
Rows per page
Query Builder