OSV · added 2024/11/25 5:18 p.m. · 4 views

CLSA-2024-1732555093 Fix CVE(s): CVE-2020-27767

SECURITY UPDATE: Undefined behavior due to values outside range in quantum.h - debian/patches/CVE-2020-27767.patch: Fix quantum.h to include float.h to handle min and max values for Quantum type - debian/patches/CVE-2020-27767-1.patch: Fix ClampToQuantum function to handle negative values correct...

CVSS 4.3 · AI score 7 · EPSS 0.01124 · Exploits 1 · References 1

OSV · added 2024/11/25 9:30 a.m. · 1 view

GHSA-PCX7-8HXG-J823 Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack...

CVSS 4.7 · AI score 5.7 · EPSS 0.00399 · Exploits 0 · References 7

Github Security Blog · added 2024/11/25 9:30 a.m. · 11 views

Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...

CVSS 5.9 · AI score 6.2 · EPSS 0.00937 · Exploits 0 · References 8 · Affected Software 1

CVE · added 2024/11/25 7:37 a.m. · 322 views

CVE-2024-10451

CVE-2024-10451: A flaw in Keycloak allows sensitive runtime values (e.g., passwords) captured during the build process to be embedded as default values in bytecode, making them accessible at runtime. The issue affects Keycloak 26 and all versions up to 26.0.2, where data from environment variabl...

CVSS 5.9 · AI score 5.8 · EPSS 0.00937 · Exploits 0 · References 6

AstraLinux · added 2024/11/23 3:04 a.m. · 5 views

Astra Linux – Vulnerability in GhostScript

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript prior to version 10.04.0. There is a buffer overflow that occurs during the handling of a PDF XRef stream related to W array values...

CVSS 8.4 · AI score 7.4 · EPSS 0.00316 · Exploits 0 · References 3

F5 Networks · added 2024/11/22 9:06 p.m. · 22 views

K000148693: libssh2 vulnerability CVE-2015-1782

Security Advisory Description: The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. (CVE-2015-1782) Impact: There is no impact; F5 products are not affected ...

CVSS 6.8 · AI score 6.7 · EPSS 0.03501 · Exploits 0

OSV · added 2024/11/21 7:52 p.m. · 33 views

GO-2024-3280 Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher

Rancher Helm Applications may have sensitive values leaked in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 6.2 · AI score 6.2 · EPSS 0.00371 · Exploits 0 · References 1

RedHat Linux · added 2024/11/21 7:24 p.m. · 2 views

org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process

A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...

CVSS 5.9 · AI score 5.6 · EPSS 0.00937 · Exploits 0 · References 4

RedHat Linux · added 2024/11/21 7:24 p.m. · 11 views

org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

CVSS 4.7 · AI score 5.8 · EPSS 0.00399 · Exploits 0 · References 4

RedHat Linux · added 2024/11/21 7:23 p.m. · 2 views

org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process

A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...

CVSS 5.9 · AI score 5.6 · EPSS 0.00937 · Exploits 0 · References 4

CVE · added 2024/11/21 9:28 a.m. · 94 views

CVE-2024-52067

CVE-2024-52067 affects Apache NiFi 1.16.0–1.28.0 and 2.0.0-M1–2.0.0-M4. The issue is optional debug logging of Parameter Context values during flow synchronization, which an authorized admin could enable to write parameter names and values to logs. Deployments with the default Logback config do n...

CVSS 6.9 · AI score 6.2 · EPSS 0.00737 · Exploits 0 · References 2 · Affected Software 1

Vulnrichment · added 2024/11/21 9:28 a.m. · 13 views

CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...

CVSS 6.9 · AI score 6.6 · EPSS 0.00737 · Exploits 0 · References 1

CNNVD · added 2024/11/21 12:00 a.m. · 3 views

Apache NiFi log information disclosure vulnerability

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A log information disclosure vulnerability exists in Apache NiFi versions 1.16.0 to 1.28.0 and 2.0.0-M1 to 2.0.0-M4,...

CVSS 6.9 · AI score 6 · EPSS 0.00737 · Exploits 0 · References 1

Snyk · added 2024/11/20 10:50 a.m. · 2 views

Improper Authentication

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to a loose comparison in the password-checking logic to access the Lesson activity. Note: This only affects passwords that are set to "magic hash" values. Workaround: User...

CVSS 6.9 · AI score 6.9 · EPSS 0.00403 · Exploits 0 · References 2

SUSE CVE · added 2024/11/20 3:49 a.m. · 4 views

SUSE CVE-2024-52282

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows any user with GET access to the Rancher Manager Apps Catalog to read any sensitive information contained within the Apps' values. Additionally, the same information leaks into auditing lo...

CVSS 6.2 · AI score 6.2 · EPSS 0.00371 · Exploits 0 · References 5

SUSE CVE · added 2024/11/20 3:48 a.m. · 2 views

SUSE CVE-2024-53081

In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values. The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that bot...

CVSS 5.5 · AI score 7.9 · EPSS 0.00227 · Exploits 0 · References 13

SUSE CVE · added 2024/11/20 3:48 a.m. · 2 views

SUSE CVE-2024-53083

In the Linux kernel, the following vulnerability has been resolved: usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier. If the read of USB_PDPHY_RX_ACKNOWLEDGE_REG failed, then hdr_len and txbuf_len are uninitialized. This commit stops printing uninitialized values and misleading/false data...

CVSS 5.5 · AI score 7.6 · EPSS 0.00217 · Exploits 0 · References 3

Positive Technologies · added 2024/11/20 12:00 a.m. · 3 views

PT-2024-35150 · Rancher · Rancher Manager

Name of the Vulnerable Software and Affected Versions: Rancher Manager versions prior to 2.8.10; Rancher Manager versions prior to 2.9.5. Description: A vulnerability has been identified in Rancher Manager where applications installed via the Apps Catalog store their Helm values directly into the...

CVSS 7.7 · AI score 5.7 · EPSS 0.00598 · Exploits 0 · References 18

Positive Technologies · added 2024/11/20 12:00 a.m. · 4 views

PT-2024-35118 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.16.0 through 1.28.0; Apache NiFi versions 2.0.0-M1 through 2.0.0-M4. Description: The issue concerns the optional debug logging of Parameter Context values during the flow synchronization process in Apache NiFi. An...

CVSS 6.9 · AI score 6.7 · EPSS 0.00737 · Exploits 0 · References 20

OSV · added 2024/11/19 6:15 p.m. · 1 view

UBUNTU-CVE-2024-53081

In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values. The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that bot...

CVSS 5.5 · AI score 6.6 · EPSS 0.00227 · Exploits 0 · References 19
