49 matches found
ROS-20241203-22
The vulnerability in the Puppet Agent launcher app arises because the app silently ignores Augeas settings before the first plugin synchronization. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in...
PT-2024-5887 · Unknown +7 · Go-Retryablehttp +7
Name of the Vulnerable Software and Affected Versions: go-retryablehttp versions prior to 0.7.7. Description: The issue is related to the lack of sanitization of URLs when writing them to the log file. This could allow an attacker to obtain confidential HTTP basic authentication credentials...
CVE-2024-36127 apko Exposure of HTTP basic auth credentials in log output
apko is an apk-based OCI image builder. apko exposes HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5...
SUSE SLES12 Security Update : rubygem-puppet (SUSE-SU-2022:3794-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3794-1 advisory. - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a...
SUSE SLES12 Security Update : puppet (SUSE-SU-2022:3355-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3355-1 advisory. - A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a...
CVE-2021-27023
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
Heap overflow
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
CVE-2021-27023
CVE-2021-27023 affects Puppet Agent and Puppet Server and is an information disclosure vulnerability where HTTP credentials can leak when following redirects to a different host. The description notes a flaw in how HTTP redirects are handled, similar to CVE-2018-1000007. The NVD metrics indicate ...
Arista Networks CloudVision Portal IP fragment DoS (SA0037)
The version of Arista Networks CloudVision Portal running on the remote device is affected by a denial of service (DoS) vulnerability. The Linux kernel is vulnerable to a DoS attack with low rates of specially modified packets targeting IP fragment re-assembly. A remote, unauthenticated attacker c...
Arista Networks CloudVision Portal Password Exposure (SA0045)
The version of Arista Networks CloudVision Portal running on the remote device is affected by an information disclosure vulnerability. Under certain conditions, the application logs user passwords in plain text for certain API calls, potentially leading to user password exposure. Note that Nessus...
Arista Networks CloudVision Portal Privilege Escalation (SA0044)
The version of Arista Networks CloudVision Portal running on the remote device is affected by a privilege escalation vulnerability. Users with read-only permissions can exploit this to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This...
GitLab CE/EE Information Disclosure Vulnerability (CNVD-2019-32223)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...
Ubuntu: Security Advisory (USN-3544-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3544-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3544-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
Amazon Linux: Security Advisory (ALAS-2015-551)
The remote host is missing an update for the...
Updated curl package fixes security vulnerability
libcurl can wrongly send HTTP credentials when re-using connections. Even if the handle for an HTTP connection is reset, it retains the credentials, which can cause them to be unintentionally leaked in subsequent requests (CVE-2015-3236). libcurl can get tricked by a malicious SMB server to send of...
openSUSE Security Update : curl (openSUSE-2015-446)
Curl was updated to fix two security issues and enable metalink support. The following vulnerabilities were fixed: - CVE-2015-3236: libcurl could have wrongly sent HTTP credentials when re-using connections (boo#934501) - CVE-2015-3237: libcurl could have been tricked by a malicious SMB server to se...
Fedora 22 : curl-7.40.0-5.fc22 (2015-10155)
- implement public key pinning for NSS backend (#1195771) - fix lingering HTTP credentials in connection re-use (CVE-2015-3236) - prevent SMB from sending off unrelated memory contents (CVE-2015-3237) - curl-config --libs now works on x86_64 without libcurl-devel.x86_64 (#1228363) Note that Tenable Network...
FreeBSD : cURL -- Multiple Vulnerability (2438d4af-1538-11e5-a106-3c970e169bc2)
cURL reports: libcurl can wrongly send HTTP credentials when re-using connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPT_USERPWD for example. Name and password. Just like all other libcurl options the credentials...
CURL-CVE-2015-3236 lingering HTTP credentials in connection reuse
libcurl can wrongly send HTTP credentials when reusing connections. libcurl allows applications to set credentials for the upcoming transfer with HTTP Basic authentication, like with CURLOPT_USERPWD for example. Name and password. Like all other libcurl options the credentials are sticky and are...