Lucene search
K

75 matches found

Snyk
Snyk
added 2022/06/23 9:25 a.m.3 views

Malicious Package

Overview react-ldclient-default-values is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

9.8CVSS7AI score
Exploits0References3
OSV
OSV
added 2022/06/20 7:27 a.m.7 views

MAL-2022-5653 Malicious code in react-ldclient-default-values (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eef871476bf59366a51d76d7ffbf882877423325d7e20519ff251254fee606dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 7:27 a.m.5 views

Malicious code in react-ldclient-default-values (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eef871476bf59366a51d76d7ffbf882877423325d7e20519ff251254fee606dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/05/17 4:44 a.m.12 views

GHSA-HXVP-655X-XXQV Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml

Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for defaultvalues.yaml, which allows local users to obtain passwords and other sensitive information by reading the file...

1.9CVSS8.1AI score0.00331EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/05/04 6:22 p.m.5 views

pipeline-build-step: Password parameter default values exposed

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

6.5CVSS5.7AI score0.00862EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/27 7:44 a.m.3 views

pipeline-build-step: Password parameter default values exposed

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

6.5CVSS5.7AI score0.00862EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/04/13 1:49 p.m.2 views

pipeline-build-step: Password parameter default values exposed

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

6.5CVSS5.7AI score0.00862EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/03/28 11:56 a.m.8 views

pipeline-build-step: Password parameter default values exposed

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

6.5CVSS5.7AI score0.00862EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/17 5:1 p.m.53 views

CVE-2022-25184

A flaw was found in Jenkins pipeline-build-step where it revealed password parameter default values when generating a pipeline script using the Pipeline snippet generator. This flaw allows attackers with item/read permission to retrieve the default password parameter value from jobs and compromis...

6.5CVSS4.4AI score0.00862EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/02/16 12:1 a.m.37 views

Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...

6.5CVSS2.4AI score0.00862EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/02/16 12:1 a.m.37 views

GHSA-G84F-CMC8-682C Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin

Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password parameter default values when generating a pipeline script using the Pipeline Snippet Generator, allowing attackers with Item/Read permission to retrieve the default password parameter value from jobs...

4.3CVSS7.2AI score0.00862EPSS
Exploits0References4
NVD
NVD
added 2020/07/29 6:15 p.m.19 views

CVE-2019-20026

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request...

7.5CVSS7.5AI score0.01121EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/29 5:28 p.m.20 views

CVE-2019-20026

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request...

7.5AI score0.01121EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/08 7:31 p.m.29 views

CVE-2019-0380

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure...

5.2AI score0.00875EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2018/10/17 4:24 p.m.38 views

In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS3.3AI score0.03174EPSS
Exploits0References10Affected Software3
OSV
OSV
added 2018/10/17 4:24 p.m.2 views

GHSA-RRVX-PWF8-P59P In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS5.8AI score0.03174EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.3 views

bouncycastle: DSA key pair generator generates a weak private key by default

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS7.1AI score0.03174EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/09/11 7:53 a.m.5 views

bouncycastle: DSA key pair generator generates a weak private key by default

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS7.1AI score0.03174EPSS
Exploits0References4
Prion
Prion
added 2018/06/04 1:29 p.m.27 views

Design/Logic Flaw

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

5CVSS6.8AI score0.03174EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2018/06/04 12:0 a.m.8 views

UBUNTU-CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS7.1AI score0.03174EPSS
Exploits0References3
Rows per page
Query Builder