28 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the bearerTokenFile field in the ServiceMonitor resource. An attacker can exfiltrate sensitive files from the pod filesystem by configuring a ServiceMonitor to reference arbitrary files and directing the scrape...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the bearerTokenFile field in the ServiceMonitor resource. An attacker can exfiltrate sensitive files from the pod filesystem by configuring a ServiceMonitor to reference arbitrary files and directing the scrape...
OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
CVE-2026-5622
A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...
CVE-2026-5622
CVE-2026-5622 affects hcengineering Huly Platform 0.7.382. The vulnerability concerns the JWT Token Handler component, specifically foundations/core/packages/token/src/token.ts, where manipulating SERVER_SECRET with the input secret leads to the use of a hard-coded cryptographic key. The issue ca...
fence-agents security update
4.2.1-129.20 - bundled urllib3: fix CVE-2025-66471 - bundled urllib3: fix CVE-2026-21441 Resolves: RHEL-139756, RHEL-140783 4.2.1-129.17 - bundled urllib3: fix CVE-2025-66418 Resolves: RHEL-136027 4.2.1-129.16 - fencenutanixahv: new fence agent Resolves: RHEL-110964 4.2.1-129.15 - fencekubevirt:...
CVE-2025-10937
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
EUVD-2025-35720
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937
CVE-2025-10937 concerns Oxford Nanopore MinKNOW (versions up to 24.11). The DoS arises from how a local authentication token is written to a temporary file, created in /tmp and world-accessible, allowing an unauthenticated local user/process to place a file lock (flock) on the token file, prevent...
CVE-2025-10937 Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
CVE-2025-10937 Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions
Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorize...
PT-2025-42400
Name of the Vulnerable Software and Affected Versions YAML::Syck versions before 1.36 Description YAML::Syck, a Perl module, contains a flaw due to missing null terminators in the token.c file. This can lead to an out-of-bounds read, potentially resulting in information disclosure. The issue is...
Linux Distros Unpatched Vulnerability : CVE-2023-30402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm- token.re. Note: This has been disputed by third parties who...
AZL-45396 CVE-2023-39070 affecting package cppcheck for versions less than 2.18.3-1
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the handledotlabel function at /nasm/nasm-token.re. Remediation There is no fixed version for yasm. References - GitHub Issue Credit: randomssr...
AZL-26359 CVE-2023-30402 affecting package yasm 1.3.0-17
YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...
CVE-2023-30402
YASM v1.3.0 was discovered to contain a heap overflow via the function handledotlabel at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code...
PT-2022-22004 · I3Geo · I3Geo
Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered via the request token.php file, which suggests it may be related to the...
PT-2022-22003 · Unknown · Portal Do Software Publico Brasileiro I3Geo
Name of the Vulnerable Software and Affected Versions: Portal do Software Publico Brasileiro i3geo version 7.0.5 Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability was discovered via the access token.php file. Cross-site scripting XSS is a type of...