7830 matches found
CVE-2017-13319
In pvmp3getmaindatasize of pvmp3getmaindatasize.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...
PostgreSQL PL/Perl environment variable changes execute arbitrary code
...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm, an American company. A security vulnerability exists in Qualcomm Chipsets that originates from uninitialized variables. An attacker exploiting the vulnerability could lead to information disclosure...
CVE-2024-53101 fs: Fix uninitialized value issue in from_kuid and from_kgid
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in fromkuid and fromkgid ocfs2setattr uses attr-iamode, attr-iauid and attr-iagid in a trace point even though ATTRMODE, ATTRUID and ATTRGID aren't set. Initialize all fields of newattrs to avoid...
CVE-2024-53101
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in fromkuid and fromkgid ocfs2setattr uses attr-iamode, attr-iauid and attr-iagid in a trace point even though ATTRMODE, ATTRUID and ATTRGID aren't set. Initialize all fields of newattrs to avoid...
GHSA-V7GV-XPGF-6395 Keycloak Build Process Exposes Sensitive Data
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
CVE-2024-31141
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...
GHSA-JCGG-MG9G-P9WF Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...
CVE-2024-10451 Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
CVE-2024-10451
CVE-2024-10451 : A flaw in Keycloak allows sensitive runtime values (e.g., passwords) captured during the build process to be embedded as default values in bytecode, making them accessible at runtime. The issue affects Keycloak 26 and all versions up to 26.0.2, where data from environment variabl...
org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
CVE-2024-10451
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
Red Hat Keycloak 信任管理问题漏洞
Red Hat Keycloak is a suite of software from Red Hat USA that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from sensitive data being embedded as a default value in bytecode or environment...
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also...
CVE-2024-31141
CVE-2024-31141 affects Apache Kafka Clients (2.3.0–3.7.0, including 3.5.2 and 3.6.2) with ConfigProvider plugins that read from disk or environment variables via FileConfigProvider/DirectoryConfigProvider/EnvVarConfigProvider. The root cause is improper privilege management that allows untrusted ...
CVE-2024-31141 Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also...
BIT-AIRFLOW-2024-45784 Apache Airflow: Sensitive configuration values are not masked in the logs by default
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...
Apache Kafka 安全漏洞
Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. An authorization issue vulnerability exists in Apache...