Lucene search
K

28 matches found

Snyk
Snyk
added 2026/06/10 5:24 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the bearerTokenFile field in the ServiceMonitor resource. An attacker can exfiltrate sensitive files from the pod filesystem by configuring a ServiceMonitor to reference arbitrary files and directing the scrape...

7.7CVSS5.9AI score0.00017EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 5:24 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the bearerTokenFile field in the ServiceMonitor resource. An attacker can exfiltrate sensitive files from the pod filesystem by configuring a ServiceMonitor to reference arbitrary files and directing the scrape...

7.7CVSS5.9AI score0.00017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/10 5:24 p.m.18 views

OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth

Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...

5.6AI score0.00017EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 5:12 a.m.5 views

CVE-2026-5622

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

6.3CVSS5.3AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 4:30 a.m.14 views

CVE-2026-5622

CVE-2026-5622 affects hcengineering Huly Platform 0.7.382. The vulnerability concerns the JWT Token Handler component, specifically foundations/core/packages/token/src/token.ts, where manipulating SERVER_SECRET with the input secret leads to the use of a hard-coded cryptographic key. The issue ca...

6.3CVSS5.3AI score0.00255EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2026/01/27 12:0 a.m.7 views

fence-agents security update

4.2.1-129.20 - bundled urllib3: fix CVE-2025-66471 - bundled urllib3: fix CVE-2026-21441 Resolves: RHEL-139756, RHEL-140783 4.2.1-129.17 - bundled urllib3: fix CVE-2025-66418 Resolves: RHEL-136027 4.2.1-129.16 - fencenutanixahv: new fence agent Resolves: RHEL-110964 4.2.1-129.15 - fencekubevirt:...

8.9CVSS5.8AI score0.02667EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/10/24 6:38 p.m.6 views

CVE-2025-10937

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS7AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 9:31 p.m.5 views

EUVD-2025-35720

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS6.5AI score0.00156EPSS
Exploits0References5
NVD
NVD
added 2025/10/23 7:15 p.m.6 views

CVE-2025-10937

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS0.00156EPSS
Exploits0References4
CVE
CVE
added 2025/10/23 6:24 p.m.13 views

CVE-2025-10937

CVE-2025-10937 concerns Oxford Nanopore MinKNOW (versions up to 24.11). The DoS arises from how a local authentication token is written to a temporary file, created in /tmp and world-accessible, allowing an unauthenticated local user/process to place a file lock (flock) on the token file, prevent...

6.8CVSS6.7AI score0.00156EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/23 6:24 p.m.8 views

CVE-2025-10937 Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS0.00156EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/23 6:24 p.m.5 views

CVE-2025-10937 Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions

Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...

6.8CVSS6.7AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.7 views

PT-2025-42400

Name of the Vulnerable Software and Affected Versions YAML::Syck versions before 1.36 Description YAML::Syck, a Perl module, contains a flaw due to missing null terminators in the token.c file. This can lead to an out-of-bounds read, potentially resulting in information disclosure. The issue is...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-30402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm- token.re. Note: This has been disputed by third parties who...

5.5CVSS5.6AI score0.00291EPSS
Exploits1References2
OSV
OSV
added 2023/09/11 7:15 p.m.7 views

AZL-45396 CVE-2023-39070 affecting package cppcheck for versions less than 2.18.3-1

An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...

7.8CVSS7.5AI score0.00266EPSS
Exploits1References1
Snyk
Snyk
added 2023/04/26 11:35 a.m.2 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the handledotlabel function at /nasm/nasm-token.re. Remediation There is no fixed version for yasm. References - GitHub Issue Credit: randomssr...

7.3CVSS7AI score0.00291EPSS
Exploits1References2
OSV
OSV
added 2023/04/25 4:15 p.m.10 views

AZL-26359 CVE-2023-30402 affecting package yasm 1.3.0-17

YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

5.5CVSS5.7AI score0.00291EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/04/25 4:15 p.m.2 views

CVE-2023-30402

YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...

5.5CVSS6AI score0.00291EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/07/14 12:0 a.m.5 views

PT-2022-22004 · I3Geo · I3Geo

Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered via the request token.php file, which suggests it may be related to the...

6.1CVSS6.2AI score0.02804EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/07/14 12:0 a.m.6 views

PT-2022-22003 · Unknown · Portal Do Software Publico Brasileiro I3Geo

Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered via the access token.php file. Cross-site scripting XSS is a type of...

6.1CVSS6.1AI score0.02804EPSS
Exploits1References9
Rows per page
Query Builder