Lucene search
K

75 matches found

Github Security Blog
Github Security Blog
added 2024/11/25 9:30 a.m.11 views

Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...

5.9CVSS6.2AI score0.00937EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2024/11/25 7:37 a.m.325 views

CVE-2024-10451

CVE-2024-10451 : A flaw in Keycloak allows sensitive runtime values (e.g., passwords) captured during the build process to be embedded as default values in bytecode, making them accessible at runtime. The issue affects Keycloak 26 and all versions up to 26.0.2, where data from environment variabl...

5.9CVSS5.8AI score0.00937EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/11/21 7:24 p.m.2 views

org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process

A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...

5.9CVSS5.6AI score0.00937EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/28 12:0 a.m.5 views

PT-2024-9024 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 26.0.2 Description: A flaw was found in Keycloak, where sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintende...

8.2CVSS6.1AI score0.00937EPSS
Exploits0References30
Patchstack
Patchstack
added 2024/10/15 1:2 p.m.4 views

WordPress UltimateAI plugin <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability

Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability discovered by István Márton in WordPress Plugin UltimateAI versions = 2.8.3...

5.6CVSS7AI score0.00322EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/11 3:30 p.m.12 views

GHSA-57QH-VMJR-5JXG Snipe-IT remote code execution

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

8.6CVSS7AI score0.00962EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/10/11 3:30 p.m.24 views

Snipe-IT remote code execution

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

6.6CVSS7.8AI score0.00962EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/10/11 1:15 p.m.11 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

6.6CVSS7.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/11 12:0 a.m.17 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

7.8AI score0.00962EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/11 12:0 a.m.29 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...

0.00962EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/17 9:9 a.m.34 views

CVE-2024-42312 sysctl: always initialize i_uid/i_gid

In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize iuid/igid Always initialize iuid/igid inside the sysfs core so setownership can safely skip setting them. Commit 5ec27ec735ba "fs/proc/procsysctl.c: fix the default values of iuid/igid on /proc/sys...

0.00216EPSS
Exploits0References6
OSV
OSV
added 2024/05/01 6:15 a.m.1 views

UBUNTU-CVE-2024-26949

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplaytable initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplaytable is NULL...

5.5CVSS6.1AI score0.00243EPSS
Exploits0References11
Cvelist
Cvelist
added 2024/05/01 5:18 a.m.16 views

CVE-2024-26949 drm/amdgpu/pm: Fix NULL pointer dereference when get power limit

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplaytable initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplaytable is NULL...

5.7AI score0.00243EPSS
Exploits0References3
Citrix
Citrix
added 2024/03/14 12:0 a.m.6 views

When adding machines, the default value of account names start with was incorrect.

When trying to add machines to a catalog in the Citrix DaaS manage page, on the "Machine Identities" page of the "Add machines" wizard, optionally, you can specify what the account names start with. It is expected that the default account names set in the text were the number of maximum existing...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2023/07/11 12:0 a.m.5 views

Siemens SIMATIC CN 4100 安全漏洞

The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. A security vulnerability previously existed in the Siemens SIMATIC CN 4100 version 2.5, which stemmed from affected devices containing incorrect default values in the SSH configuration. An attacker could exploit the...

10CVSS6.7AI score0.0036EPSS
Exploits0References2
OSV
OSV
added 2023/02/13 9:31 p.m.23 views

GHSA-6P89-3P7C-QRHV Cross-site scripting in CKEditor5

CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is adding...

6.1CVSS6.1AI score0.02097EPSS
Exploits4References4
NVD
NVD
added 2023/02/13 8:15 p.m.17 views

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

6.1CVSS6.3AI score0.02097EPSS
Exploits4References2
Prion
Prion
added 2023/02/13 8:15 p.m.19 views

Cross site scripting

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

5.8CVSS6.2AI score0.02097EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2023/02/13 12:0 a.m.22 views

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

6.2AI score0.02097EPSS
Exploits4References2
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.14 views

Immutable varibles should be checked to there default values

Lines of code Vulnerability details Impact It is very important to check whether the immutable variables are not equal to the default values because if Quest is created and when we pass a default value to a variable then it can't be changed and it can lead to a problem. Proof of Concept Suppose...

6.8AI score
Exploits0
Rows per page
Query Builder