Lucene search
K

334 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.8 views

CVE-2019-15358

The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.8 views

CVE-2019-15380

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/PhotoPro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 a.m.7 views

CVE-2019-15382

The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOTNOVA/CUBOTNOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:28 a.m.8 views

CVE-2019-15355

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify ...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:11 a.m.9 views

CVE-2019-15432

The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app versionCode=2, versionName=2.0.0VER32516486284094 that allows other pre-installed apps to perform system...

7.8CVSS6.7AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:10 a.m.6 views

CVE-2019-15372

The Hisense F17 Android device with a build fingerprint of Hisense/F174G/HS6739MT:8.1.0/O11019/HisenseF174G00S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 a.m.8 views

CVE-2019-15367

The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system property...

5.5CVSS6.6AI score0.00285EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:35 a.m.7 views

CVE-2019-15353

The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:35 a.m.6 views

CVE-2019-15357

The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system proper...

5.5CVSS6.6AI score0.00285EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2010-3860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows...

5CVSS5.5AI score0.02999EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/01/15 12:0 a.m.11 views

Keycloak 26.0.8 Multiple Vulnerabilities (26_0_8)

The version of Keycloak installed on the remote host is prior to 26.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 2608 advisory. - A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm...

6.5CVSS5.4AI score0.00927EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/01/14 8:36 a.m.17 views

CVE-2024-11736 Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables

A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...

4.9CVSS5.1AI score0.00752EPSS
Exploits0References4
CVE
CVE
added 2025/01/14 8:36 a.m.94 views

CVE-2024-11736

CVE-2024-11736 (Keycloak) : The vulnerability arises when admins configure backchannel logout or admin URLs containing placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with environment variables/system properties during URL processing, potentially allowing a...

4.9CVSS5.1AI score0.00752EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/14 8:36 a.m.22 views

CVE-2024-11736 Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables

A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...

4.9CVSS0.00752EPSS
Exploits0References4
OSV
OSV
added 2025/01/13 4:58 p.m.3 views

GHSA-F4V7-3MWW-9GC2 Keycloak allows unrestricted admin use of system and environment variables

A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME ...

4.9CVSS5.8AI score0.00752EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/01/13 3:43 p.m.8 views

org.keycloak:keycloak-quarkus-server: Unrestricted admin use of system and environment variables

A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...

4.9CVSS5.8AI score0.00752EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.4 views

PT-2025-1684 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A security issue allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin...

4.9CVSS6.5AI score0.00752EPSS
Exploits0References13
NVD
NVD
added 2024/11/04 10:15 a.m.22 views

CVE-2024-23377

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...

6.7CVSS0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/04 10:4 a.m.33 views

CVE-2024-23377 Use of Out-of-range Pointer Offset in ComputerVision

Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...

6.7CVSS0.00103EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/07/01 7:20 p.m.35 views

GeoServer's Server Status shows sensitive environmental variables and Java properties

GeoServer's Server Status page and REST API at /geoserver/rest/about/status lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...

4.9CVSS6.9AI score0.00397EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder