Lucene search
+L

8 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.3 views

curl: curl: Information disclosure via incorrect .netrc password lookup

A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...

9.1CVSS6AI score0.0061EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2026/03/18 5:55 p.m.5 views

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

8.1CVSS5.8AI score0.00282EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/16 4:36 p.m.12 views

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Summary In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...

8.1CVSS5.9AI score0.00282EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/16 4:36 p.m.5 views

GHSA-VX5F-957P-QPVM Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Summary In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...

8.1CVSS5.9AI score0.00282EPSS
Exploits1References5
NVD
NVD
added 2021/05/27 7:15 p.m.18 views

CVE-2020-10729

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...

5.5CVSS0.00435EPSS
Exploits1References3
PyPA
PyPA
added 2021/05/27 7:15 p.m.9 views

PYSEC-2021-105

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...

5.5CVSS6.7AI score0.00435EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2021/05/27 6:46 p.m.27 views

CVE-2020-10729

A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords a...

5.5CVSS6.9AI score0.00435EPSS
Exploits1
Veracode
Veracode
added 2020/05/06 2:26 a.m.26 views

Information Disclosure

ansible is vulnerable to information disclosure. The template caching generates identical values when consecutive facts are created from password lookup with same length. This causes the passwords for different fields to be exposed...

5.5CVSS1.5AI score0.00435EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder