157 matches found
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...
kanidm-provision log information disclosure vulnerability
kanidm-provision is a small utility program from the individual developers at oddlama to help configure kanidm. A log information disclosure vulnerability exists in kanidm-provision versions prior to 1.2.0, which stems from a function error in the supplied kanidm patch that causes administrator...
SUSE CVE-2025-2241
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
Red Hat Advanced Cluster Management and Red Hat Multicluster Engine security vulnerability
Red Hat Advanced Cluster Management and Red Hat Multicluster Engine are both products of Red Hat, Inc. Red Hat Advanced Cluster Management is a console cluster control software. A security vulnerability exists in Red...
User Impersonation
Overview: django-tenant-users is a Django app to extend django-tenants to incorporate global multi-tenant users. Affected versions of this package are vulnerable to User Impersonation via custom schema name in provisiontenant function. An attacker can create a tenant with isstaff, issuperuser,...
CVE-2025-0224
A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...
CVE-2025-0224 Provision-ISR SH-4050A-2 server.js information disclosure
A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...
CVE-2025-0224
Provision-ISR CVE-2025-0224 affects SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX (up to 20241220). Root cause: manipulation of an unknown functionality in /server.js leads to information disclosure; attack can be launched remotely and the exploit ...
CVE-2025-0224 Provision-ISR SH-4050A-2 server.js information disclosure
A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...
Provision-ISR multiple products access control error vulnerability
Provision-ISR SH-4050A-2 and others are high-quality dynamic hybrid digital video recorders from Provision-ISR. An access control error vulnerability exists in various Provision-ISR products. An attacker could exploit the vulnerability to disclose sensitive information. The following products ar...
PT-2025-3794 · Provision Isr · Provision-Isr Sh-16200A-2 +5
Name of the Vulnerable Software and Affected Versions: Provision-ISR SH-4050A-2 Provision-ISR SH-4100A-2LMM Provision-ISR SH-8100A-2LMM Provision-ISR SH-16200A-21U Provision-ISR SH-16200A-51U Provision-ISR NVR5-8200PX up to 20241220 Description: A vulnerability was found in Provision-ISR devices,...
CVE-2024-7339
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...
CVE-2024-7339
A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...
CVE-2024-7339
CVE-2024-7339 affects TVT DVR TD-2104TS-CL, TD-2108TS-HP, Provision-ISR SH-4050A5-5L(MM) and AVISION AV108T, with information disclosure arising from an insecure /queryDevInfo handler due to insufficient access control. A remote attacker can trigger the leak; multiple sources note that an exploit...
Ubuntu Desktop Provision security vulnerability
Ubuntu Desktop Provision is an open source desktop provisioning program from Canonical. A security vulnerability exists in Ubuntu Desktop Provision versions prior to 0.1.5, which stems from a binary issue that allows a local attacker to elevate privileges...
GO-2024-2930 RKE credentials are stored in the RKE1 Cluster state ConfigMap in github.com/rancher/rke
When RKE provisions a cluster, it stores the cluster state in a configmap called "full-cluster-state" inside the "kube-system" namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data...
CVE-2024-6425 Incorrect Provision of Specified Functionality vulnerability in MESbook
Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=&ConfirmPassword="...
OPENSUSE-SU-2024:11535-1 yast2-samba-provision-1.0.5-1.2 on GA media
These are all security issues fixed in the yast2-samba-provision-1.0.5-1.2 package on the GA media of openSUSE Tumbleweed...
provision.com.au Cross Site Scripting vulnerability OBB-3884343
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
istio security update
istio 1.17.5-1 - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt 0.58.0-3 - Ensure that selinux build tags are set for all Go builds olcne 1.7.2-2 - Update kubevirt image versions fixing selinux=enforce not being supported 1.7.2-1 - Add Istio-1.17.5 and...