75 matches found
Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v7gv-xpgf-6395. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured...
CVE-2024-10451
CVE-2024-10451 : A flaw in Keycloak allows sensitive runtime values (e.g., passwords) captured during the build process to be embedded as default values in bytecode, making them accessible at runtime. The issue affects Keycloak 26 and all versions up to 26.0.2, where data from environment variabl...
org.keycloak:keycloak-quarkus-server: Sensitive Data Exposure in Keycloak Build Process
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in...
PT-2024-9024 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 26.0.2 Description: A flaw was found in Keycloak, where sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintende...
WordPress UltimateAI plugin <= 2.8.3 - Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability
Limited User Password Change due to Improper Empty and Missing Default Value Check vulnerability discovered by István Márton in WordPress Plugin UltimateAI versions = 2.8.3...
GHSA-57QH-VMJR-5JXG Snipe-IT remote code execution
Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...
Snipe-IT remote code execution
Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution associated with cookie serialization when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values...
CVE-2024-42312 sysctl: always initialize i_uid/i_gid
In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize iuid/igid Always initialize iuid/igid inside the sysfs core so setownership can safely skip setting them. Commit 5ec27ec735ba "fs/proc/procsysctl.c: fix the default values of iuid/igid on /proc/sys...
UBUNTU-CVE-2024-26949
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplaytable initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplaytable is NULL...
CVE-2024-26949 drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplaytable initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplaytable is NULL...
When adding machines, the default value of account names start with was incorrect.
When trying to add machines to a catalog in the Citrix DaaS manage page, on the "Machine Identities" page of the "Add machines" wizard, optionally, you can specify what the account names start with. It is expected that the default account names set in the text were the number of maximum existing...
Siemens SIMATIC CN 4100 安全漏洞
The Siemens SIMATIC CN 4100 is a communication node from Siemens, Germany. A security vulnerability previously existed in the Siemens SIMATIC CN 4100 version 2.5, which stemmed from affected devices containing incorrect default values in the SSH configuration. An attacker could exploit the...
GHSA-6P89-3P7C-QRHV Cross-site scripting in CKEditor5
CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is adding...
CVE-2022-48110
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...
Cross site scripting
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...
CVE-2022-48110
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...
Immutable varibles should be checked to there default values
Lines of code Vulnerability details Impact It is very important to check whether the immutable variables are not equal to the default values because if Quest is created and when we pass a default value to a variable then it can't be changed and it can lead to a problem. Proof of Concept Suppose...