Lucene search
K

158 matches found

Cvelist
Cvelist
added 2023/04/17 2:21 p.m.30 views

CVE-2023-1831 User password logged in audit logs

Mattermost fails to redact from audit logs the user password during user creation and the user password hash in other operations if the experimental audit logging configuration was enabled ExperimentalAuditSettings section in config...

7.2CVSS7.8AI score0.0042EPSS
Exploits0References1
NVD
NVD
added 2023/03/06 6:15 p.m.35 views

CVE-2023-22481

FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...

5.5CVSS4.8AI score0.00474EPSS
Exploits1References2
OSV
OSV
added 2023/03/06 5:33 p.m.19 views

CVE-2023-22481 Sensitive information exposure in the logs of greader API in FreshRSS

FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users//logapi.txt in the case where the authentication fails. The issues occurs in authorizationToUser in greader.php. If there is an issue with the request or the credentials,...

4CVSS5.8AI score0.00474EPSS
Exploits1References4
Veracode
Veracode
added 2023/01/18 12:45 a.m.25 views

Information Disclosure

ovirt is vulnerable to information disclosure. An attacker with sufficient privileges is able to read the log file due to plaintext password logging in the log file when using otapi-style...

6.5CVSS6AI score0.00399EPSS
Exploits0References5Affected Software4
ATTACKERKB
ATTACKERKB
added 2022/09/23 11:15 a.m.3 views

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

5.3CVSS6AI score0.003EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/08/04 6:15 p.m.25 views

Design/Logic Flaw

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is...

3.3CVSS5.3AI score0.00643EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/08/04 5:15 p.m.79 views

CVE-2022-31119

CVE-2022-31119 affects Nextcloud Mail: affected versions log user passwords to disk upon misconfiguration, enabling potential complete account access if log files are compromised. RedHat/Red Hat-affiliated advisories and Nextcloud security notes confirm the issue and recommend upgrading Nextcloud...

4.9CVSS4.7AI score0.00643EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.7 views

Nextcloud 日志信息泄露漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A log message disclosure vulnerability exists in Nextcloud Mail that originates from logging user passwords to disk...

4.9CVSS5.3AI score0.00643EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.5 views

PT-2022-20542 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.12.1 Description: The issue affects Nextcloud Mail, an email application for the Nextcloud personal cloud product. In the event of a misconfiguration, affected versions of Nextcloud Mail would log user...

4.9CVSS5.1AI score0.00643EPSS
Exploits0References6
Prion
Prion
added 2022/06/03 8:15 p.m.19 views

Authentication flaw

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a when configured to use local, RADIUS, or TACACS authentication logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username...

7.1CVSS6.7AI score0.00763EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/08 12:0 a.m.6 views

PT-2022-17553 · Samsung · Galaxy Watch Plugin

Name of the Vulnerable Software and Affected Versions: Galaxy Watch Plugin versions prior to 2.2.05.22012751 Description: The issue allows an attacker to access password information of connected WiFiAp in the log. Recommendations: For Galaxy Watch Plugin versions prior to 2.2.05.22012751, update ...

3.3CVSS4AI score0.00204EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/25 7:59 p.m.25 views

CVE-2022-25264

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases...

7.7AI score0.00949EPSS
Exploits0References2
NVD
NVD
added 2021/11/05 12:15 a.m.8 views

CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

7.2CVSS0.00279EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/11/04 11:8 p.m.30 views

CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

4.4CVSS6.8AI score0.00279EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/08/17 8:33 a.m.70 views

Moderate: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

5.5CVSS6.1AI score0.00219EPSS
Exploits0References2
OSV
OSV
added 2021/07/11 8:13 a.m.1 views

OPENSUSE-SU-2021:2147-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles bsc1184016...

7.3AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/26 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-4998-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.2AI score0.02449EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2021/06/25 2:38 a.m.209 views

USN-4998-1: Ceph vulnerabilities

It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. CVE-2020-25678 Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain...

7.2CVSS7AI score0.02449EPSS
Exploits1
OSV
OSV
added 2021/06/11 10:56 a.m.1 views

SUSE-SU-2021:1960-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - Do not log passwords in logfiles bsc1184016...

7.2AI score
Exploits0References2
OSV
OSV
added 2021/06/11 10:55 a.m.1 views

SUSE-SU-2021:1959-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles bsc1184016...

7.3AI score
Exploits0References2
Rows per page
Query Builder