91 matches found
quarkus-core: Leak of local configuration properties into Quarkus applications
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been...
EulerOS 2.0 SP11 : python-cryptography (EulerOS-SA-2024-1844)
According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...
ROS-20240521-06
A vulnerability in the RSA Key Exchange Handler component of the encryption and SSL toolkit for Python m2crypto is related to decryption of captured messages on TLS servers using RSA key exchange. Exploitation of the vulnerability could allow an attacker acting remotely, allowing an intruder to t...
Red Hat OpenShift 安全漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift, which stems from the presence of an information disclosure that could allow an...
captured-travel.com Cross Site Scripting vulnerability OBB-3909628
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
[SECURITY] Fedora 39 Update: tcpreplay-4.4.4-5.fc39
Tcpreplay is a tool to replay captured network traffic. Currently, tcpreplay supports pcap tcpdump and snoop capture formats. Also included, is tcpprep a tool to pre-process capture files to allow increased performance under certain conditions as well as capinfo which provides basic information...
CVE-2023-52589
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1ispstop and rkisp1csidisable the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is...
GHSA-3WW4-GG4F-JR7F Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
Chromium Embedded Framework Buffer Error Vulnerability
Chromium Embedded Framework CEF is a simple framework for Chromium Embedded Framework open source. It is used to embed Chromium-based browsers in other applications. A buffer error vulnerability exists in Chromium Embedded Framework CEF that stems from CefVideoConsumerOSR OnFrameCaptured not...
GHSA-437M-7HJ5-9MPW Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Impact Attacker that has gain root privilege of the node that kruise-daemon run , can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, attackers can leverage the "captured" secrets e.g. the kruise-manager service account token to gain extra privilege such as p...
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation Mitigation for this issue is either not available or the...
CVE-2022-45611
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information...
CVE-2023-4301 CSRF vulnerability in Fortify Plugin allow capturing credentials
A cross-site request forgery CSRF vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Textpattern 4.8.8 Session Token Disclosure
Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Date: 05.10.2023 Vendor: https://textpattern.com/ Software: https://github.com/textpattern/textpattern/releases/tag/4.8.8 Reference: https://portswigger.net/kb/issues/00500700session-token-in-url,...
CVE-2023-24432
A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
Missing CSRF protection
Description Any user can Add Questions on FAQ section -- https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 This section is vulnerable to CSRF. The aggressor can abuse this without prior knowledge of others'. The successful CSRF will send new questions from the victim's browser Captur...
CVE-2022-41249
A cross-site request forgery CSRF vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...