27 matches found
EUVD-2019-15725
Malware in sbrugna...
EUVD-2019-0828
Malware in sbrugna...
EUVD-2018-0234
Malware in sbrugna...
EUVD-2025-21058
Malicious code in bioql PyPI...
EUVD-2023-28563
Malicious code in bioql PyPI...
EUVD-2025-19895
Malicious code in bioql PyPI...
PT-2025-27812 · Wire · Wire
Name of the Vulnerable Software and Affected Versions: Wire iOS versions 3.111.1 through 3.124.1 Description: The issue concerns the logging of messages in clear text to the iOS system logs when they are visible in the view port. This occurs due to the canOpenUrl function being called with an...
CVE-2024-53979
ibm.ibmzhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibmzhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'bootftppassword' and 'sscmasterpw' properties are...
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server...
CVE-2024-10404
CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive...
PT-2024-35963 · Unknown · Zhmcclient
Name of the Vulnerable Software and Affected Versions: zhmcclient versions prior to 1.18.1 Description: The Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in several cases, including when creating or updating a partition in DPM mode, updating a...
Code injection
An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...
nvdApiKey is logged in debug mode
Summary The value of nvdApiKey configuration parameter is logged in clear text in debug mode. Details The NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode. Expecting the same behavior as for several password configurations: just print Note that...
CVE-2023-1904
In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server...
CVE-2023-1904
CVE-2023-1904 affects Octopus Server. The issue allows the OpenID client secret to be logged in clear text during server configuration. Public records in the provided documents confirm the vulnerability and its association with Octopus Server, but do not specify an official fix or affected versio...
CVE-2023-24547 On Arista MOS configuration of a BGP password will cause the password to be logged in clear text.
On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config...
CVE-2022-39351
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...
Omise: Secret API Key is logged in cleartext
Summary: While code-reviewing the repository , I have found that you log in clear-text some sensitive data. Steps To Reproduce: 1. Check here omise/request.pyL88 and here omise/request.pyL111 1. The code source explicitly logs in debugging mode the secret API key. logger.debug'Authorization: %s',...
GHSA-W4Q7-F34X-VPGC FreeIPA logs passwords embedded in commands in calls using batch
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...
ipa: Batch API logging user passwords to /var/log/httpd/error_log
A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party...