Lucene search
K

36 matches found

Vulnrichment
Vulnrichment
added 2024/11/11 12:14 p.m.10 views

CVE-2024-43427 Moodle: admin presets export tool includes some secrets that should not be exported

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party...

3.7CVSS6.5AI score0.00328EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/11 12:14 p.m.29 views

CVE-2024-43427 Moodle: admin presets export tool includes some secrets that should not be exported

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party...

3.7CVSS0.00328EPSS
Exploits0References2
OSV
OSV
added 2024/11/11 12:14 p.m.9 views

CVE-2024-43427 Moodle: admin presets export tool includes some secrets that should not be exported

A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party...

3.7CVSS5.9AI score0.00328EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.5 views

Moodle 安全漏洞

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle that stems from the fact that when creating an export of a site management preset,...

3.7CVSS6AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2024/06/04 12:15 p.m.24 views

CVE-2024-4254

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...

7.1CVSS6.9AI score0.0047EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/06/04 12:1 p.m.25 views

CVE-2024-4254 Secrets Exfiltration in gradio-app/gradio

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...

7.1CVSS6.9AI score0.0047EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/04 7:30 a.m.23 views

CVE-2024-4253 Command Injection in gradio-app/gradio

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...

7.5CVSS7.2AI score0.0169EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/06/04 12:0 a.m.5 views

PT-2024-30005 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: gradio-app/gradio affected versions not specified Description: The 'deploy-website.yml' workflow in the gradio-app/gradio repository is vulnerable to secrets exfiltration due to improper authorization. This vulnerability arises from the...

7.1CVSS6.8AI score0.0047EPSS
Exploits1References5
Veracode
Veracode
added 2024/05/08 7:33 a.m.21 views

Sensitive Information Disclosure

org.eclipse.edc: data-plane-http-oauth2-core is vulnerable to Sensitive Information Disclosure. The vulnerability arises from a misconfiguration in the OAuth2-protected data sink feature, where the consumer-provided clientSecretKey is resolved in the context of the provider's vault instead of the...

6.8CVSS7.1AI score0.00411EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/10/10 12:0 a.m.40 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0References4
NVD
NVD
added 2023/05/30 4:15 a.m.13 views

CVE-2023-32691

gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...

5.9CVSS5.6AI score0.00574EPSS
Exploits1References2
Prion
Prion
added 2023/05/30 4:15 a.m.22 views

Design/Logic Flaw

gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...

2.6CVSS5.6AI score0.00574EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/05/30 3:6 a.m.69 views

CVE-2023-32691

CVE-2023-32691 affects gost (GO Simple Tunnel) written in Go. The root cause is untrusted input from an HTTP header being compared directly to a secret (not using constant-time comparison), enabling a side-channel timing attack to guess secrets. The common remediation is to switch to constant-tim...

5.9CVSS5.6AI score0.00574EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/05/22 7:47 p.m.68 views

GHSA-QJRQ-HM79-49WW ginuerzh/gost vulnerable to Timing Attack

Timing attacks occur when an attacker can guess a secret by observing a difference in processing time for valid and invalid inputs. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparision function. More information on this attack type can ...

5.9CVSS5.6AI score0.00574EPSS
Exploits1References4
Kitploit
Kitploit
added 2019/07/20 10:0 p.m.148 views

GitGot - Semi-automated, Feedback-Driven Tool To Rapidly Search Through Troves Of Public Data On GitHub For Sensitive Secrets

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. How it Works During search sessions, users will provide feedback to GitGot about search results to ignore, and GitGot prunes the set of results. Users...

7.3AI score
Exploits0References4
OSV
OSV
added 2015/12/07 8:59 p.m.5 views

CVE-2015-8213

The getformat function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRETKEY...

5.9AI score
Exploits0References15
Rows per page
Query Builder