32 matches found
CVE-2021-43271
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a when configured to use local, RADIUS, or TACACS authentication logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username...
MGASA-2021-0420 Updated ansible packages fix security vulnerability
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...
Unspecified Vulnerability in SaltStack Salt (CNVD-2021-15044)
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to Salt 3002.5 that stems from the ability to log...
CVE-2019-11293
CVE-2019-11293 concerns Cloud Foundry UAA releases prior to v74.10.0. When set to DEBUG, the service logs client_secret credentials sent as query parameters to the uaa.log file, enabling credential disclosure. A remote authenticated attacker could gain user credentials via the log file if authent...
CVE-2019-16206
CVE-2019-16206 affects Broadcom/Brocade SANnav prior to version 2.0. The authentication mechanism logs plaintext account credentials at the trace and debug levels, enabling a local authenticated attacker to access sensitive information via log files. This information-disclosure flaw is consistent...
CVE-2019-0069
The CVE-2019-0069 issue affects Juniper Junos OS on multiple platforms (vSRX, SRX1500/4000, QFX5100/5200/10K, QFX5110, NFX, ACX5000, EX4600, SRX4000, etc.) running a Linux Host OS, where console management port authentication credentials are written to a log file in clear text. The vulnerability ...
CVE-2019-11273
The CVE-2019-11273 entry concerns Pivotal Container Services (PKS) with affected versions 1.3.x before 1.3.7 and 1.4.x before 1.4.1. A vulnerable component logs usernames and passwords to the billing database, allowing a remote authenticated user with access to those logs to potentially retrieve ...
Linux kernel local lift vulnerability (CNVD-2019-24795)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions prior to 5.1.17, which stems from the failure of ptracelink in the kernel/ptrace.c file to properly handle...
Unspecified Vulnerability in JetBrains IntelliJ IDEA Ultimate (CNVD-2019-24237)
JetBrains IntelliJ IDEA Ultimate is a Czech JetBrains integrated development environment for the Java language. An unspecified security vulnerability exists in JetBrains IntelliJ IDEA Ultimate that originates from the program logging server credentials in plaintext to the IDE configuration file. ...
CVE-2018-6971
VMware Horizon View Agents 7.x.x before 7.5.1 contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation including silent installations. Successful...
[Ghost Phisher] GUI suite for phishing and penetration attacks
Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...
CVE-2005-1728
MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, allowing local users to obtain credentials. Affected component: MCX Client; impact: credential disclosure to local users; root cause: insecure logging. No remediation details provided in the sup...