11 matches found
EUVD-2015-1995
Malware in sbrugna...
CVE-2025-44823
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/getusers call. This is GL:NLS475...
EUVD-2025-28746
Malicious code in bioql PyPI...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: checkov is an Infrastructure as code static analysis. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere when cloning external modules from private registries. An attacker can obtain sensitive access keys by...
CVE-2025-6521
CVE-2025-6521 affects the TrendMakers Sight Bulb Pro. During initial setup, AES keys are passed in cleartext as the device negotiates with an access point, enabling an attacker on an adjacent network to decrypt management app communications and potentially access credentials. The CISA ICS advisor...
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot (CVE-2019-1589)
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
Hardcoded credentials
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...
CVE-2019-1586
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on loca...
CVE-2015-1890
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by...
Design/Logic Flaw
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by...
CVE-2015-1890
CVE-2015-1890 affects IBM GPFS (General Parallel File System). A gpfs.snap diagnostic archive (created by /usr/lpp/mmfs/bin/gpfs.snap) may contain private TLS keys used for daemon communications, creating the possibility of impersonation or decryption if an attacker can access the archive. Affected GPFS...