6775 matches found
CLSA-2024-1732555093 Fix CVE(s): CVE-2020-27767
SECURITY UPDATE: Undefined behavior due to values outside range in quantum.h - debian/patches/CVE-2020-27767.patch: Fix quantum.h to include float.h to handle min and max values for Quantum type - debian/patches/CVE-2020-27767-1.patch: Fix ClampToQuantum function to handle negative values correct...
GHSA-PCX7-8HXG-J823 Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. Original Description A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack...
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...
CVE-2024-10451
CVE-2024-10451 : A flaw in Keycloak allows sensitive runtime values (e.g., passwords) captured during the build process to be embedded as default values in bytecode, making them accessible at runtime. The issue affects Keycloak 26 and all versions up to 26.0.2, where data from environment variabl...
Astra Linux – Vulnerability in GhostScript
A issue was discovered in pdf/pdfxref.c in Artifex Ghostscript prior to version 10.04.0. There is a buffer overflow that occurs during the handling of a PDF XRef stream related to W array values...
K000148693: libssh2 vulnerability CVE-2015-1782
Security Advisory Description The kexagreemethods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service crash or have other unspecified impact via crafted length values in an SSHMSGKEXINIT packet. CVE-2015-1782 Impact There is no impact; F5 products are not affected ...
GO-2024-3280 Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher
Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...
org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
CVE-2024-52067
CVE-2024-52067 affects Apache NiFi 1.16.0–1.28.0 and 2.0.0-M1–2.0.0-M4. The issue is optional debug logging of Parameter Context values during flow synchronization, which an authorized admin could enable to write parameter names and values to logs. Deployments with the default Logback config do n...
CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
Apache NiFi 日志信息泄露漏洞
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A log information disclosure vulnerability exists in Apache NiFi versions 1.16.0 to 1.28.0 and 2.0.0-M1 to 2.0.0-M4,...
Improper Authentication
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to a loose comparison in the password-checking logic to access the Lesson activity. Note: This only affects passwords that are set to "magic hash" values. Workaround User...
SUSE CVE-2024-52282
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET access to the Rancher Manager Apps Catalog to read any sensitive information that are contained within the Apps' values. Additionally, the same information leaks into auditing lo...
SUSE CVE-2024-53081
In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that bot...
SUSE CVE-2024-53083
In the Linux kernel, the following vulnerability has been resolved: usb: typec: qcom-pmic: init value of hdrlen/txbuflen earlier If the read of USBPDPHYRXACKNOWLEDGEREG failed, then hdrlen and txbuflen are uninitialized. This commit stops to print uninitialized value and misleading/false data...
PT-2024-35150 · Rancher · Rancher Manager
Name of the Vulnerable Software and Affected Versions: Rancher Manager versions prior to 2.8.10 Rancher Manager versions prior to 2.9.5 Description: A vulnerability has been identified in Rancher Manager where applications installed via the Apps Catalog store their Helm values directly into the...
PT-2024-35118 · Apache · Apache Nifi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.16.0 through 1.28.0 Apache NiFi versions 2.0.0-M1 through 2.0.0-M4 Description: The issue concerns the optional debug logging of Parameter Context values during the flow synchronization process in Apache NiFi. An...
UBUNTU-CVE-2024-53081
In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that bot...