4200 matches found
AZL-42880 CVE-2024-6104 affecting package cert-manager for versions less than 1.12.12-3
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42913 CVE-2024-6104 affecting package cri-o for versions less than 1.22.3-6
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
DEBIAN-CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42942 CVE-2024-6104 affecting package keda for versions less than 2.4.0-22
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42910 CVE-2024-6104 affecting package skopeo for versions less than 1.14.2-7
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
UBUNTU-CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
CVE-2024-6104 go-retryablehttp can leak basic auth credentials to log files
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
HashiCorp go-retryablehttp Log Information Disclosure Vulnerability
go-retryablehttp is a retryable HTTP client in Go open-sourced by HashiCorp. A security vulnerability exists in Hashicorp go-retryablehttp versions prior to 0.7.7, which stems from failure to clean up a URL when writing it to a log file, resulting in sensitive HTTP basic authentication credential...
Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA Europe, Middle East, and Africa with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are...
OPENSUSE-SU-2024:11432-1 texlive-collection-basic-2021.185.svn56569-52.2 on GA media
These are all security issues fixed in the texlive-collection-basic-2021.185.svn56569-52.2 package on the GA media of openSUSE Tumbleweed...
CVE-2024-36395 Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
PT-2024-27689 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6165 20211012 Description: A stack overflow issue was discovered in the setWiFiBasicCfg function via the ssid parameter. This issue can potentially be exploited. Recommendations: For TOTOLINK A3700R version...
CVE-2024-30534
Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.5...
CVE-2024-30534
Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5...
CVE-2024-30534
Technical details about CVE-2024-30534 (Calendarista Basic Edition,
CVE-2024-30534 WordPress Calendarista Basic Edition plugin <= 3.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in typps Calendarista Basic Edition calendarista-basic-edition.This issue affects Calendarista Basic Edition: from n/a through = 3.0.5...
PT-2024-23463 · Typps · Typps Calendarista Basic Edition
Name of the Vulnerable Software and Affected Versions: typps Calendarista Basic Edition versions 3.0.5 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects typps Calendarista Basic Edition. Recommendations: For versions 3.0.5 and...
Sensitive Information Exposure
chainguard.dev/apko is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper redaction of sensitive information within error log output, where HTTP basic auth credentials from repository and keyring URLs are exposed, which allows an attacker with access to logs to...