16 matches found
Agent Audit: A Security Analysis System for LLM Agent Applications
What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...
EUVD-2019-2217
Malware in sbrugna...
EUVD-2024-41702
Malicious code in bioql PyPI...
GHSA-C37V-3C8W-CRQ8 zot logs secrets
Summary When using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Details Container Image 15.04.2025: ghcr.io/project-zot/zot-linux-amd64:latest Here is an example how the configuration can look which causes the abov...
CVE-2024-45735
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store KV Store deployment configuration an...
CVE-2024-45735 Improper Access Control for low-privileged user in Splunk Secure Gateway App
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store KV Store deployment configuration an...
CVE-2024-45735 Improper Access Control for low-privileged user in Splunk Secure Gateway App
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store KV Store deployment configuration an...
Splunk Enterprise和Splunk Secure Gateway 安全漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...
Secret logging may occur in debug mode of Atlas Operator
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...
How to configure ARM templates using the new Azure App Layering Azure connector
How to configure ARM templates using the new Azure App Layering Azure connector...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
Jenkins Plugin Deployer Framework 路径遍历漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A path traversal...
CVE-2020-26273
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk. This does allow arbitrary...
CVE-2019-2965
Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM component: Install - Configuration. Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Fedora 29 : icedtea-web (2019-efb92eed7a)
fixed CVEs 2019-10181, 2019-10182, 2019-10185 ---- Updated to fres upstream release : https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/0413 20.html New in release 1.8 2019-03-12 : - added support for javafx-desc and so allwong run of pure-javafx only applications - --nosecurity...
CVE-2017-6771
A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to...