334 matches found
CVE-2019-15358
The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system propert...
CVE-2019-15380
The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/PhotoPro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a...
CVE-2019-15382
The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOTNOVA/CUBOTNOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a...
CVE-2019-15355
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify ...
CVE-2019-15432
The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app versionCode=2, versionName=2.0.0VER32516486284094 that allows other pre-installed apps to perform system...
CVE-2019-15372
The Hisense F17 Android device with a build fingerprint of Hisense/F174G/HS6739MT:8.1.0/O11019/HisenseF174G00S01:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify...
CVE-2019-15367
The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system property...
CVE-2019-15353
The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system...
CVE-2019-15357
The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to modify a system proper...
Linux Distros Unpatched Vulnerability : CVE-2010-3860
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows...
Keycloak 26.0.8 Multiple Vulnerabilities (26_0_8)
The version of Keycloak installed on the remote host is prior to 26.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 2608 advisory. - A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm...
CVE-2024-11736 Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...
CVE-2024-11736
CVE-2024-11736 (Keycloak) : The vulnerability arises when admins configure backchannel logout or admin URLs containing placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with environment variables/system properties during URL processing, potentially allowing a...
CVE-2024-11736 Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...
GHSA-F4V7-3MWW-9GC2 Keycloak allows unrestricted admin use of system and environment variables
A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME ...
org.keycloak:keycloak-quarkus-server: Unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...
PT-2025-1684 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A security issue allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin...
CVE-2024-23377
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...
CVE-2024-23377 Use of Out-of-range Pointer Offset in ComputerVision
Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver...
GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer's Server Status page and REST API at /geoserver/rest/about/status lists all environment variables and Java properties to any GeoServer user with administrative rights as part of those modules' status message. These variables/properties can also contain sensitive information, such as...