8 matches found
CVE-2026-32609
Glances is an open-source, cross-platform system monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...
CVE-2026-30928 Glances Exposes Unauthenticated Configuration Secrets
Glances is an open-source, cross-platform system monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...
CVE-2025-3456
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protoc...
Lemur subject to insecure random generation
Overview: Lemur was using insecure random generation for its example configuration file, as well as for some utilities. Impact: The potentially affected generated items include: | Configuration item | Config option name if applicable | Documentation link if applicable | Rotation option | Code...
PT-2023-22986 · Netflix · Netflix Lemur
Name of the Vulnerable Software and Affected Versions: Netflix Lemur versions prior to 1.3.2 Description: The issue is related to Netflix Lemur using insufficiently random values when generating default credentials. This may allow an attacker to guess the credentials and gain access to resources...
Decrypt Citrix NetScaler Config Secrets
This module takes a Citrix NetScaler ns.conf configuration file as input and extracts secrets that have been stored with reversible encryption. The module supports the legacy NetScaler RC4 encryption as well as the newer AES-256-ECB and AES-256-CBC encryption types. It is also possible to decrypt...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.13 bug fix and security update
Red Hat OpenShift Container Platform release 4.6.13 is now available with updates to packages and images that fix several bugs. This release also includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of...
kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4
A flaw was found in Kubernetes. If the logging level is set to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like...