
6 matches found

OSV
added 2026/03/05 6:26 p.m., 5 views

GHSA-G9W5-QFFC-6762 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

9.8 CVSS, 6 AI score, 0.22162 EPSS
Exploits: 12, References: 6
Cvelist
added 2026/03/05 4:28 p.m., 32 views

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

9.8 CVSS, 0.22162 EPSS
Exploits: 12, References: 1
RedHat Linux
added 2019/08/21 3:21 p.m., 4 views

ceph: debug logging for v4 auth does not sanitize encryption keys

It was found that Ceph RGW did not properly sanitize encryption keys in debug logging for v4 auth. Encryption keys could be inadvertently disclosed when sharing debug logs...

7.5 CVSS, 5.7 AI score, 0.00536 EPSS
Exploits: 1, References: 4
OpenVAS
added 2014/01/30 12:0 a.m., 31 views

CentOS Update for java CESA-2014:0097 centos6

Check for the Version of java OpenVAS Vulnerability Test CentOS Update for java CESA-2014:0097 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

10 CVSS, 0.1 AI score, 0.08383 EPSS
Exploits: 1, References: 2
OpenVAS
added 2014/01/30 12:0 a.m., 47 views

RedHat Update for java-1.6.0-openjdk RHSA-2014:0097-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 5.7 AI score, 0.08383 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2014/01/21 12:0 a.m., 264 views

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2014:011)

Multiple vulnerabilities have been discovered and corrected in java-1.7.0-openjdk: An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untrusted Java applicatio...

10 CVSS, 6.4 AI score, 0.08383 EPSS
Exploits: 1, References: 17