1240 matches found
CVE-2023-41926
The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...
CVE-2023-41926
CVE-2023-41926 affects Kiloview P1/P2 devices with a web server that uses basic authentication over HTTP (port 80). Lack of encryption allows eavesdropping of credentials and potentially unauthorized access to the configuration interface. The CVSSv3.1 vector indicates network access, low attack c...
CVE-2023-41926 Insufficiently protected credentials in Kiloview P1/P2 devices
The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...
CVE-2023-41926 Insufficiently protected credentials in Kiloview P1/P2 devices
The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...
PT-2024-13015 · Kiloview · P1/P2 +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns the use of basic authentication for user login to the configuration interface of a webserver. Since encryption is disabled on port 80, this setup allows potential...
SUSE CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42904 CVE-2024-6104 affecting package keda for versions less than 2.14.0-2
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42886 CVE-2024-6104 affecting package influxdb for versions less than 2.7.3-5
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42874 CVE-2024-6104 affecting package packer for versions less than 1.9.5-2
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42898 CVE-2024-6104 affecting package prometheus for versions less than 2.45.4-3
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42922 CVE-2024-6104 affecting package rook for versions less than 1.6.2-21
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42880 CVE-2024-6104 affecting package cert-manager for versions less than 1.12.12-3
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
UBUNTU-CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
HashiCorp go-retryablehttp Log Information Disclosure Vulnerability
go-retryablehttp is a retryable HTTP client in Go open-sourced by HashiCorp. A security vulnerability exists in Hashicorp go-retryablehttp versions prior to 0.7.7, which stems from failure to clean up a URL when writing it to a log file, resulting in sensitive HTTP basic authentication credential...
SUSE CVE-2024-36127
apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5...
The vulnerability of the data import function in the 1C8 CMS system’s Netcat module stems from deficiencies in the authentication process. This allows attackers to bypass the HTTP Basic authentication process and gain unauthorized access to the data import function of 1C.
The vulnerability of the automatic data import function in the 1C8 CMS system’s Netcat component is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass the HTTP Basic authentication process and gain unauthorized access to the data impo...
RHEL 6 : tomcat (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - tomcat: Information Disclosure when using VirtualDirContext CVE-2017-12616 - Apache Tomcat 5.5.0 through...
GHSA-H7V2-2QWG-H829 Symfony has a security issue when parsing the Authorization header
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...
PT-2024-10558 · Symfony · Symfony Httpfoundation
Name of the Vulnerable Software and Affected Versions: Symfony HttpFoundation component versions 2.0.X through 2.5.X Description: The issue arises when an application uses HTTP basic or digest authentication, and the Authorization header is not parsed properly by Symfony, potentially allowing...
DRUPAL-CONTRIB-2024-022
Drupal REST & JSON API Authentication module restricts and secures unauthorized access to your Drupal site APIs using different authentication methods including Basic Authentication , API Key Authentication , JWT Authentication , OAuth Authentication , External / Third-Party Provider...