142 matches found
CVE-2019-14525
In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...
CVE-2019-10363
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...
CVE-2019-10363
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...
Design/Logic Flaw
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...
CVE-2019-10363
Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...
Apache Syncope Information Disclosure Vulnerability (CNVD-2018-18783)
Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from an information disclosure vulnerabili...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
CVE-2018-11320
CVE-2018-11320 affects Octopus Deploy installations running 2018.4.4–2018.5.1, where Octopus variables sourced from the target are not obfuscated in deployment logs. The connected Red Hat, CNVD, and NVD records corroborate the same vulnerable window and behavior. The core issue is exposure of sen...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
CVE-2017-2592
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
SUSE-SU-2017:0848-1 Security update for python-oslo.middleware
This update for python-oslo.middleware fixes the following issues: Security issue fixed: - CVE-2017-2592: Using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure bsc1022043...
python-oslo-middleware: CatchErrors leaks sensitive values into error logs
An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs for example, keystone tokens...
Nextcloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template ============================= The github bug reporting template for nextcloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...
SAP Download Manager 2.1.142 Weak Encryption
Advisory Information Title: SAP Download Manager Password Weak Encryption Advisory ID: CORE-2016-0004 Advisory URL: http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption Date published: 2016-03-08 Date of last update: 2016-03-07 Vendors contacted: SAP Release mode:...
USN-2282-1: Linux kernel vulnerabilities
Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 An flaw was discovered in the Linux kernel's audit subsystem when auditing...
Debian DSA-2781-1 : python-crypto - PRNG not correctly reseeded in some situations
A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the generator when multiple processes are forked from the same parent. This would lead it to generate identical output on all...
NetScaler web management cookie cipher weakness
The remote web server is prone to an information disclosure attack. Description : The version of the Citrix NetScaler web management interface on the remote host uses weak encryption for protecting the HTTP cookie content by XORing sensitive values, including the username and password, with a fix...
CVE-2008-1146
A certain pseudo-random number generator PRNG algorithm that uses XOR and 3-bit random hops aka "Algorithm X3", as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issu...