11 matches found
CVE-2024-3622
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a...
CVE-2024-3623 Mirror-registry: default database secret key stored in plain-text on initial configuration file
A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. Th...
CVE-2024-3623
CVE-2024-3623 describes a flaw in using mirror-registry to install Quay where a default database secret key is stored in plain text within a configuration template. This can cause all Quay instances deployed via mirror-registry to share the same database secret key, enabling a malicious actor to ...
CVE-2024-3622 Mirror-registry: plain-text default csrf secret key
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a...
CVE-2024-3622
CVE-2024-3622 affects Quay deployments using mirror-registry, where a default secret is stored in plain-text in a configuration template. This enables an attacker to craft session cookies and potentially gain access to the affected Quay instance. The vulnerability is rooted in the reuse of the sa...
CVE-2024-3623
A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. Th...
CVE-2024-3622
A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a...
Qualys VMDR & Jira Integration Now Available
The increasing number of vulnerabilities poses a significant challenge for most organizations trying to effectively manage and mitigate cyber risks. According to NVD, the number of vulnerabilities in 2022 increased by approximately 25% as compared to 2021. As we are at the start of March the...
SUSE SLES12 Security Update : rsyslog (SUSE-SU-2020:0512-1)
This update for rsyslog fixes the following issues: Security issues fixed: CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages bsc1153451. CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages bsc1153459. Non-security issues fixed: Handle multiline...
Cross site request forgery (csrf)
The Java servlets in the management console in IBM Tivoli Federated Identity Manager TFIM through 6.2.2 and Tivoli Federated Identity Manager Business Gateway TFIMBG before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE securi...
HPSBPI02640 SSRT100410 rev.2 - HP MFP Digital Sending Software Running on Windows, Authentication Bypass
Potential Security Impact: Authentication bypass. VULNERABILITY SUMMARY: A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could cause authentication to be disabled for managed devices. This could allow access to the...