Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00552EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Qemu

A vulnerability related to out-of-bounds heap buffer access was discovered in the ARM Generic Interrupt Controller emulator of QEMU, as of and including qemu 4.2.0 on the aarch64 platform. The issue arises because, when writing an interrupt ID to the controller’s memory area, it is not masked to ...

6CVSS6.9AI score0.00323EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.15 views

CVE-2026-46427

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 6:16 p.m.12 views

CVE-2026-46427

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

7.7CVSS0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.3 views

CVE-2026-27640

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...

8.5CVSS5.4AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 4:16 a.m.5 views

CVE-2026-27640

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...

8.5CVSS0.00296EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:12 a.m.4 views

CVE-2024-35189

Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data e.g. passwords, private keys, etc.. These secrets are stored encrypted at rest in the...

6.5CVSS6.7AI score0.00577EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/10/20 3:52 p.m.6 views

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

4.3CVSS6.1AI score0.00881EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/11/03 8:36 a.m.4 views

Trove: potential leak of passwords into log files

The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

2.1CVSS5.8AI score0.00528EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/11/03 8:25 a.m.5 views

Trove: potential leak of passwords into log files

The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

2.1CVSS5.8AI score0.00528EPSS
Exploits1References4
Rows per page
Query Builder