157 matches found

Cvelist
added 2025/03/24 4:47 p.m. · 11 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...

CVSS 7.6 · EPSS 0.00269
Exploits: 0 · References: 2

CNNVD
added 2025/03/24 12:00 a.m. · 6 views

kanidm-provision log information disclosure vulnerability

kanidm-provision is a small utility program from the individual developers at oddlama to help configure kanidm. A log information disclosure vulnerability exists in kanidm-provision versions prior to 1.2.0, which stems from a function error in the supplied kanidm patch that causes administrator...

CVSS 7.6 · AI score 6.1 · EPSS 0.00269
Exploits: 0 · References: 3

SUSE CVE
added 2025/03/20 3:29 a.m. · 2 views

SUSE CVE-2025-2241

A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...

CVSS 8.2 · AI score 6.4 · EPSS 0.00452
Exploits: 0 · References: 2

CNNVD
added 2025/03/17 12:00 a.m. · 2 views

Red Hat Advanced Cluster Management and Red Hat Multicluster Engine security vulnerability

Red Hat Advanced Cluster Management and Red Hat Multicluster Engine are both products of Red Hat, Inc. Red Hat Advanced Cluster Management is a console cluster control software. A security vulnerability exists in Red...

CVSS 8.2 · AI score 7.9 · EPSS 0.00452
Exploits: 0 · References: 3

Snyk
added 2025/03/01 6:30 a.m. · 6 views

User Impersonation

Overview: django-tenant-users is a Django app to extend django-tenants to incorporate global multi-tenant users. Affected versions of this package are vulnerable to User Impersonation via a custom schema name in the provisiontenant function. An attacker can create a tenant with isstaff, issuperuser,...

CVSS 7.1 · AI score 6.9
Exploits: 0 · References: 3

NVD
added 2025/01/05 5:15 p.m. · 8 views

CVE-2025-0224

A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...

CVSS 6.9 · EPSS 0.00426
Exploits: 0 · References: 4

Cvelist
added 2025/01/05 4:31 p.m. · 16 views

CVE-2025-0224 Provision-ISR SH-4050A-2 server.js information disclosure

A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...

CVSS 6.9 · EPSS 0.00426
Exploits: 0 · References: 4

CVE
added 2025/01/05 4:31 p.m. · 64 views

CVE-2025-0224

Provision-ISR CVE-2025-0224 affects SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX (up to 20241220). Root cause: manipulation of an unknown functionality in /server.js leads to information disclosure; attack can be launched remotely and the exploit ...

CVSS 6.9 · AI score 5.2 · EPSS 0.00426
Exploits: 0 · References: 4

Vulnrichment
added 2025/01/05 4:31 p.m. · 14 views

CVE-2025-0224 Provision-ISR SH-4050A-2 server.js information disclosure

A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2LMM, SH-8100A-2LMM, SH-16200A-21U, SH-16200A-51U and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to...

CVSS 6.9 · AI score 6.5 · EPSS 0.00426
Exploits: 0 · References: 4

CNNVD
added 2025/01/05 12:00 a.m. · 5 views

Provision-ISR multiple products access control error vulnerability

Provision-ISR SH-4050A-2 and others are high-quality dynamic hybrid digital video recorders from Provision-ISR. An access control error vulnerability exists in various Provision-ISR products. An attacker could exploit the vulnerability to disclose sensitive information. The following products ar...

CVSS 6.9 · AI score 5.2 · EPSS 0.00426
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/05 12:00 a.m. · 4 views

PT-2025-3794 · Provision Isr · Provision-Isr Sh-16200A-2 +5

Name of the Vulnerable Software and Affected Versions: Provision-ISR SH-4050A-2; Provision-ISR SH-4100A-2LMM; Provision-ISR SH-8100A-2LMM; Provision-ISR SH-16200A-21U; Provision-ISR SH-16200A-51U; Provision-ISR NVR5-8200PX up to 20241220. Description: A vulnerability was found in Provision-ISR devices,...

CVSS 6.9 · AI score 6.9 · EPSS 0.00426
Exploits: 0 · References: 12

NVD
added 2024/08/01 4:15 a.m. · 48 views

CVE-2024-7339

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...

CVSS 6.9 · EPSS 0.32028
Exploits: 2 · References: 4

OSV
added 2024/08/01 4:15 a.m. · 7 views

CVE-2024-7339

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be...

CVSS 5.3 · AI score 4.8 · EPSS 0.32028
Exploits: 2 · References: 4

CVE
added 2024/08/01 4:00 a.m. · 115 views

CVE-2024-7339

CVE-2024-7339 affects TVT DVR TD-2104TS-CL, TD-2108TS-HP, Provision-ISR SH-4050A5-5L(MM) and AVISION AV108T, with information disclosure arising from an insecure /queryDevInfo handler due to insufficient access control. A remote attacker can trigger the leak; multiple sources note that an exploit...

CVSS 6.9 · AI score 6.6 · EPSS 0.32028
In wild · Exploits: 2 · References: 4 · Affected Software: 1

CNNVD
added 2024/07/23 12:00 a.m. · 4 views

Ubuntu Desktop Provision security vulnerability

Ubuntu Desktop Provision is an open source desktop provisioning program from Canonical. A security vulnerability exists in Ubuntu Desktop Provision versions prior to 0.1.5, which stems from a binary issue that allows a local attacker to elevate privileges...

CVSS 8.8 · AI score 6.2 · EPSS 0.00263
Exploits: 1 · References: 6

OSV
added 2024/07/01 7:59 p.m. · 19 views

GO-2024-2930 RKE credentials are stored in the RKE1 Cluster state ConfigMap in github.com/rancher/rke

When RKE provisions a cluster, it stores the cluster state in a configmap called "full-cluster-state" inside the "kube-system" namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data...

CVSS 9.9 · AI score 9.2 · EPSS 0.00641
Exploits: 0 · References: 3

Cvelist
added 2024/07/01 12:56 p.m. · 16 views

CVE-2024-6425 Incorrect Provision of Specified Functionality vulnerability in MESbook

Incorrect Provision of Specified Functionality vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can register user accounts without being authenticated from the route "/account/Register/" and in the parameters "UserName=&Password=&ConfirmPassword="...

CVSS 9.1 · EPSS 0.00544
Exploits: 0 · References: 1

OSV
added 2024/06/15 12:00 a.m. · 8 views

OPENSUSE-SU-2024:11535-1 yast2-samba-provision-1.0.5-1.2 on GA media

These are all security issues fixed in the yast2-samba-provision-1.0.5-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 7.8 · AI score 7.7 · EPSS 0.00341
Exploits: 0 · References: 1

Openbugbounty
added 2024/03/22 7:23 p.m. · 3 views

provision.com.au Cross Site Scripting vulnerability OBB-3884343

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Oracle linux
added 2023/09/06 12:00 a.m. · 30 views

istio security update

istio 1.17.5-1 - Addresses CVE CVE-2023-35941, CVE-2023-35942, CVE-2023-35943, CVE-2023-35944. kubevirt 0.58.0-3 - Ensure that selinux build tags are set for all Go builds olcne 1.7.2-2 - Update kubevirt image versions fixing selinux=enforce not being supported 1.7.2-1 - Add Istio-1.17.5 and...

CVSS 9.8 · AI score 9.6 · EPSS 0.00735
Exploits: 3