160 matches found
CVE-2020-11922
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...
Design/Logic Flaw
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...
CVE-2020-11922
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being...
WiZ Connected WiZ Colors A60 Information Disclosure Vulnerability
WiZ Connected WiZ Colors A60 is a smart LED light from the Chinese company WiZ Connected. An information disclosure vulnerability exists in WiZ Colors A60 version 1.14.0, which stems from the device sending unnecessary information to the cloud controller server. No details of the vulnerability ar...
PT-2021-9428 · Unknown · Wiz Colors A60
Name of the Vulnerable Software and Affected Versions: WiZ Colors A60 version 1.14.0 Description: An issue was discovered where the device sends unnecessary information to the cloud controller server, including the local IP address and the SSID of the Wi-Fi network it is connected to. Although th...
CVE-2020-8563
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
UBUNTU-CVE-2020-8563
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
CVE-2020-8563 Secret leaks in logs for vSphere Provider kube-controller-manager
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
CVE-2020-8563
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
CVE-2020-5423
CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...
Design/Logic Flaw
CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...
CVE-2020-5423
CVE-2020-5423 affects Cloud Foundry’s CAPI (Cloud Controller): versions prior to 1.101.0 are vulnerable to a denial-of-service caused by an unauthenticated attacker sending specially-crafted YAML to certain endpoints, triggering the YAML parser to consume excessive CPU and RAM. Reported as a high...
CVE-2020-5423 Cloud Controller is vulnerable to denial of service via YAML parsing
CAPI Cloud Controller versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM...
Cloud Foundry Cloud Controller Resource Management Error Vulnerability
The Cloud Foundry Cloud Controller is a component of the Cloud Foundry Foundation that is responsible for interacting with users in the Cloud Foundry architecture. This component manages the entire lifecycle of an app and allows users to interact with Cloud Server from the command line. A securit...
CVE-2020-5426 Scheduler for TAS can transmit privileged UAA token in plaintext
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give ...
Information Disclosure
github.com/kubernetes/kubernetes is vulnerable to information disclosure. When using VSphere as a cloud provider with a logging level set to 4 or above, VSphere cloud credentials are leaked in the cloud controller manager's log...
CVE-2020-5417
CVE-2020-5417 affects Cloud Foundry CAPI (Cloud Controller) versions prior to 1.97.0 when an app domain is also the system domain (as in default CF deployments). The issue allows a developer’s app to maliciously or accidentally claim sensitive routes that were intended for system components, pote...
CVE-2020-5400
Cloud Foundry Cloud Controller CAPI, versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected b...
CVE-2020-5400
CVE-2020-5400 affects Cloud Foundry Cloud Controller (CAPI) prior to 1.91.0. The issue arises because background-job logging may capture environment properties (e.g., credentials) from app manifests, enabling a malicious user with access to logs to exfiltrate sensitive credentials. Public referen...
Cloud Foundry Cloud Controller API Information Disclosure Vulnerability
Cloud Foundry is a set of open source Platform as a Service (PaaS) cloud computing platforms from the Cloud Foundry Foundation in the United States. The product provides container scheduling, continuous delivery and automated service deployment, etc. Cloud Controller API is one of the cloud...