Page 2 of 21 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials. Se ha encontrado un fallo en RHDM, en el que los campos de formulario HTML confidenciales, como la contraseña, tienen habilitado el autocompletado, lo que puede conllevar a un filtrado de credenciales • https://access.redhat.com/security/cve/CVE-2019-14840 https://bugzilla.redhat.com/show_bug.cgi?id=1748185 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources. Se encontró un fallo en todas las versiones compatibles anteriores a wildfly-elytron-1.6.8.Final-redhat-00001, donde las comprobaciones de la función WildFlySecurityManager son omitidas cuando se usan administradores de seguridad personalizados, resultando en una autorización inapropiada. Este fallo conlleva a una exposición de una información mediante el acceso no autenticado hacia unos recursos seguros A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources. • https://bugzilla.redhat.com/show_bug.cgi?id=1807707 https://security.netapp.com/advisory/ntap-20201001-0005 https://access.redhat.com/security/cve/CVE-2020-1748 • CWE-285: Improper Authorization •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. Se detectó un fallo en Keycloak versiones anteriores a 11.0.0, donde la base de código contiene usos de la función ObjectInputStream sin ningún tipo de comprobaciones. Este fallo permite a un atacante inyectar Objetos Java serializados arbitrariamente, que luego se deserializarán en un contexto privilegiado y conlleva potencialmente a una ejecución de código remota. A flaw was found in Keycloak, where the code base contains usages of ObjectInputStream without type checks. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714 https://github.com/keycloak/keycloak/pull/7053 https://access.redhat.com/security/cve/CVE-2020-1714 https://bugzilla.redhat.com/show_bug.cgi?id=1705975 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. Se encontró un fallo en Hibernate ORM en versiones anteriores a 5.3.18, 5.4.18 y 5.5.0.Beta1. Una inyección SQL en la implementación de la API JPA Criteria puede permitir literales no saneados cuando es usado un literal en las partes de la consulta SELECT o GROUP BY. • https://bugzilla.redhat.com/show_bug.cgi?id=1666499 https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E https://security.netapp.com/advisory/ntap-20220210-0020 https://access.redhat.com/security/cve/CVE-2019-14900 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. Se detectó un fallo en "ALTER ... • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1720 https://www.postgresql.org/about/news/2011 https://access.redhat.com/security/cve/CVE-2020-1720 https://bugzilla.redhat.com/show_bug.cgi?id=1798852 • CWE-285: Improper Authorization CWE-862: Missing Authorization •