Lucene search
K

1890 matches found

UbuntuCve
UbuntuCve
added 2023/11/22 2:15 a.m.22 views

CVE-2021-37937

An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vulnerability, a compromised Fleet-Server service account...

8.8CVSS7.1AI score0.00714EPSS
Exploits0References3
CVE
CVE
added 2023/11/22 1:45 a.m.52 views

CVE-2021-37937

CVE-2021-37937 affects Elastic Stack components where API keys created under a Fleet-Server service account could be issued with higher privileges, allowing a compensated service account to escalate to a super-user. Affected: Elasticsearch/Fleet integration in Elastic Stack; Root cause: API key c...

8.8CVSS7.1AI score0.00714EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/13 12:0 a.m.23 views

CVE-2023-47801

An issue was discovered in Click Studios Passwordstate before 9811. Existing users Security Administrators could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password...

5.1AI score0.00439EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/13 12:0 a.m.10 views

CVE-2023-47801

An issue was discovered in Click Studios Passwordstate before 9811. Existing users Security Administrators could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password...

7.1AI score0.00439EPSS
Exploits0References1
CVE
CVE
added 2023/11/13 12:0 a.m.36 views

CVE-2023-47801

CVE-2023-47801 affects Click Studios Passwordstate prior to 9811. The issue allows existing Security Administrators to misuse the System Wide API Key (when used with the PasswordHistory endpoint) to read or delete private password records, and to misuse the Copy/Move Password Record API Key to co...

4.7CVSS4.8AI score0.00439EPSS
Exploits0References1Affected Software1
Information Security Automation
Information Security Automation
added 2023/11/05 6:39 p.m.174 views

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture. Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities...

10CVSS9.3AI score0.99999EPSS
Exploits153
OSV
OSV
added 2023/11/02 10:2 p.m.154 views

GO-2023-2158 Google Sheet API key disclosure in github.com/grafana/google-sheets-datasource

Error messages for the Google Sheets data source plugin were improperly sanitized. The Google Sheet API-key could potentially be exposed...

7.5CVSS6.3AI score0.00389EPSS
Exploits0References1
NVD
NVD
added 2023/10/31 4:15 p.m.11 views

CVE-2023-46723

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

8.9CVSS8.8AI score0.00399EPSS
Exploits0References1
Prion
Prion
added 2023/10/31 4:15 p.m.18 views

Code injection

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

5CVSS7.6AI score0.00399EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/31 3:34 p.m.18 views

CVE-2023-46723 lte-pic32-writer's sendto.txt may disclose URL and the API key

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

8.9CVSS9AI score0.00399EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/31 3:34 p.m.12 views

CVE-2023-46723 lte-pic32-writer's sendto.txt may disclose URL and the API key

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

8.9CVSS6.9AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2023/10/31 3:34 p.m.50 views

CVE-2023-46723

The CVE-2023-46723 issue affects lte-pic32-writer (versions 0.0.1 and earlier). The root cause is that the sendto.txt file can be read by anyone with knowledge of the IMEI, potentially exposing contained SNS URLs and API keys. Documented impact centers on confidentiality (exposure of keys/URLs); ...

8.9CVSS8.2AI score0.00399EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/31 3:34 p.m.13 views

CVE-2023-46723 lte-pic32-writer's sendto.txt may disclose URL and the API key

lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use sendto.txt are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNSsuch as slack and zulip URL and API key. As of time of publication, a patch is not ye...

8.9CVSS7.5AI score0.00399EPSS
Exploits0References3
OSV
OSV
added 2023/10/27 2:2 p.m.2 views

OPENSUSE-SU-2023:0334-1 Security update for python-bugzilla

This update for python-bugzilla fixes the following issues: - Fixed potential API Key leak boo1215718...

7.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.4 views

PT-2023-35515 · Unknown · Python-Bugzilla

Name of the Vulnerable Software and Affected Versions: python-bugzilla affected versions not specified Description: The issue concerns a potential API Key leak. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world...

7.1AI score
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2023/10/27 12:0 a.m.7 views

Security update for python-bugzilla (important)

openSUSE Security Update: Security update for python-bugzilla Announcement ID: openSUSE-SU-2023:0334-1 Rating: important References: 1215718 Affected Products: openSUSE Backports SLE-15-SP5 An update that contains security fixes can now be installed. Description: This update for python-bugzilla...

7.3AI score
Exploits0
Veracode
Veracode
added 2023/10/23 10:42 a.m.207 views

Information Disclosure

github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially expose the Google Sheet API-key that is configured for the data...

7.5CVSS6.8AI score0.00389EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/20 8:15 a.m.3 views

CVE-2023-4021

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS7.3AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.8 views

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS6.7AI score0.00319EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/20 7:29 a.m.22 views

CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS4.8AI score0.00319EPSS
Exploits0References2
Rows per page
Query Builder