Lucene search
K

6765 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:54 p.m.6 views

CVE-2020-9486

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext...

7.5CVSS6.8AI score0.03558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 p.m.6 views

CVE-2020-11683

A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an affected system...

6.8CVSS7.1AI score0.00514EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:42 p.m.8 views

CVE-2020-13351

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are =13.0, =13.4.0, =13.5.0, 13.5.2...

6.5CVSS6.3AI score0.01345EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.17 views

CVE-2020-3615

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...

9.8CVSS7.2AI score0.00752EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:23 p.m.5 views

CVE-2020-26266

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...

5.3CVSS7AI score0.00243EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:17 p.m.7 views

CVE-2020-1942

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was...

7.5CVSS6.5AI score0.03492EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 1:8 p.m.8 views

CVE-2018-6185

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...

5.5CVSS7.2AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:24 a.m.11 views

CVE-2013-5180

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...

4.3CVSS6.2AI score0.01086EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.5 views

CVE-2019-15698

In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10...

4.3CVSS6.5AI score0.00879EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 a.m.5 views

CVE-2015-8761

The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import...

9CVSS7.9AI score0.01481EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:21 a.m.16 views

CVE-2019-10363

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...

4.9CVSS6.7AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.9 views

CVE-2018-6240

NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address...

7.8CVSS6.6AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:59 a.m.11 views

CVE-2019-10343

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied...

3.3CVSS6.4AI score0.00368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:51 a.m.9 views

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

9.8CVSS6.9AI score0.01376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:49 a.m.9 views

CVE-2019-18366

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission...

5.3CVSS6.8AI score0.01097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.9 views

CVE-2019-14525

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...

4.9CVSS6.6AI score0.01528EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:26 a.m.9 views

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server...

9.8CVSS7.1AI score0.00916EPSS
Exploits2References1
OSV
OSV
added 2025/05/21 5:29 p.m.4 views

DRUPAL-CONTRIB-2025-068

The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events login, logout, and password reset requests. The module does not sufficiently limit some large values befo...

6.5CVSS7AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

ux 跨站脚本漏洞

ux is a Symfony open source JavaScript ecosystem for Symfony. A cross-site scripting vulnerability exists in versions of ux prior to 2.25.1, which stems from unescaped attribute values and could lead to HTML attribute injection and cross-site scripting attacks...

6.1CVSS6AI score0.00212EPSS
Exploits0References2
OSV
OSV
added 2025/05/18 3:15 p.m.4 views

CVE-2025-4883

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been declared as critical. This vulnerability affects the function ctxzasp of the file /ctxz.asp of the component Connection Limit Page. The manipulation of the argument def/defTcp/defUdp/defIcmp/defOther leads to stack-based buffer...

7.2CVSS6.4AI score0.04728EPSS
Exploits1References5
Rows per page
Query Builder