Lucene search
K

142 matches found

Cvelist
Cvelist
added 2019/08/05 11:22 a.m.20 views

CVE-2019-14525

In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call...

5AI score0.01528EPSS
Exploits0References3
OSV
OSV
added 2019/07/31 1:15 p.m.18 views

CVE-2019-10363

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...

4.9CVSS6.7AI score0.00608EPSS
Exploits0References2
NVD
NVD
added 2019/07/31 1:15 p.m.36 views

CVE-2019-10363

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...

4.9CVSS5.2AI score0.00608EPSS
Exploits0References2
Prion
Prion
added 2019/07/31 1:15 p.m.18 views

Design/Logic Flaw

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...

4CVSS5.1AI score0.00608EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/07/31 12:45 p.m.40 views

CVE-2019-10363

Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably identify sensitive values expected to be exported in their encrypted form...

5.1AI score0.00608EPSS
Exploits0References2
CNVD
CNVD
added 2018/09/14 12:0 a.m.42 views

Apache Syncope Information Disclosure Vulnerability (CNVD-2018-18783)

Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from an information disclosure vulnerabili...

4.9CVSS4.8AI score0.20502EPSS
Exploits4References1
NVD
NVD
added 2018/05/31 8:29 p.m.18 views

CVE-2016-10530

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

5.9CVSS5.6AI score0.01301EPSS
Exploits0References2
OSV
OSV
added 2018/05/21 2:29 p.m.4 views

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

9.8CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2018/05/21 2:29 p.m.19 views

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

9.8CVSS9.5AI score0.01376EPSS
Exploits0References1
CVE
CVE
added 2018/05/21 2:0 p.m.50 views

CVE-2018-11320

CVE-2018-11320 affects Octopus Deploy installations running 2018.4.4–2018.5.1, where Octopus variables sourced from the target are not obfuscated in deployment logs. The connected Red Hat, CNVD, and NVD records corroborate the same vulnerable window and behavior. The core issue is exposure of sen...

9.8CVSS9.3AI score0.01376EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/05/21 2:0 p.m.26 views

CVE-2018-11320

In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...

9.5AI score0.01376EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/05/08 5:0 p.m.80 views

CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

5.9CVSS5.1AI score0.00467EPSS
Exploits0
OSV
OSV
added 2017/03/29 11:1 a.m.5 views

SUSE-SU-2017:0848-1 Security update for python-oslo.middleware

This update for python-oslo.middleware fixes the following issues: Security issue fixed: - CVE-2017-2592: Using the CatchError class may include sensitive values in the error message accompanying a Traceback, resulting in their disclosure bsc1022043...

5.9CVSS5.5AI score0.00467EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/02/22 5:23 p.m.7 views

python-oslo-middleware: CatchErrors leaks sensitive values into error logs

An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs for example, keystone tokens...

5.9CVSS5.7AI score0.00467EPSS
Exploits0References4
Hacker One
Hacker One
added 2017/01/09 12:40 p.m.15 views

Nextcloud: bug reporting template encourages users to paste config file with passwords

The dangerous bug reporting template ============================= The github bug reporting template for nextcloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/03/11 12:0 a.m.57 views

SAP Download Manager 2.1.142 Weak Encryption

Advisory Information Title: SAP Download Manager Password Weak Encryption Advisory ID: CORE-2016-0004 Advisory URL: http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption Date published: 2016-03-08 Date of last update: 2016-03-07 Vendors contacted: SAP Release mode:...

7.4AI score
Exploits0
Ubuntu
Ubuntu
added 2014/07/16 10:54 p.m.71 views

USN-2282-1: Linux kernel vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 An flaw was discovered in the Linux kernel's audit subsystem when auditing...

6.9CVSS6.6AI score0.02103EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2013/10/20 12:0 a.m.33 views

Debian DSA-2781-1 : python-crypto - PRNG not correctly reseeded in some situations

A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto. In some situations, a race condition could prevent the reseeding of the generator when multiple processes are forked from the same parent. This would lead it to generate identical output on all...

4.3CVSS8.1AI score0.02007EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2008/10/24 12:0 a.m.18 views

NetScaler web management cookie cipher weakness

The remote web server is prone to an information disclosure attack. Description : The version of the Citrix NetScaler web management interface on the remote host uses weak encryption for protecting the HTTP cookie content by XORing sensitive values, including the username and password, with a fix...

4.3CVSS5.9AI score0.00699EPSS
Exploits0References1
Cvelist
Cvelist
added 2008/03/04 11:0 p.m.20 views

CVE-2008-1146

A certain pseudo-random number generator PRNG algorithm that uses XOR and 3-bit random hops aka "Algorithm X3", as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issu...

6.6AI score0.01379EPSS
Exploits0References6
Rows per page
Query Builder