GHSA-F8H5-V2VG-46RR quarkus-core leaks local environment variables from Quarkus namespace during application's build

A vulnerability was found in the quarkus-core component. Quarkus captures the local environment variables from the Quarkus namespace during the application's build. Thus, running the resulting application inherits the values captured at build time. However, some local environment variables may ha...

CVE-2023-33254

There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an...

CVE-2023-33254

There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an...

PT-2023-24248 · Quest · Kace Systems Deployment/Remote Site Appliances

Name of the Vulnerable Software and Affected Versions: KACE Systems Deployment and Remote Site appliances version 9.0.146 Description: There is an LDAP bind credentials exposure. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an...

Tenda AC1200 安全漏洞

The Tenda AC1200 is a wireless router from the Chinese company Tenda. A security vulnerability exists in Tenda AC1200 Model AC6 15.03.06.51multi devices, which originates from the default router speed test settings containing a malware download link named live or CNKI E-Learning. No details of th...

SSRF when adding Jira server in admin plugin

h2. Please be aware that Atlassian does not consider this issue to represent a security risk as the functionality is restricted to users with administrative rights. h3. Issue Summary When adding a Jira server in Bamboo under the "User directories" module, an attacker can put any value in the...

ALPINE-CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

DEBIAN-CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...