38 matches found
OSEC-2026-09 Albatross-console memory exhaustion
Albatross-console doesn't properly terminate when looping over the ringbuffer. This leads to denial of service and memory exhaustion. Scenario: A user that has access to albatross-console either via the unix domain socket (requires root:albatross by default) or via albatross-tls-endpoint (requires a...
Astra Linux - vulnerability in ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerabili...
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible. Credentials, such as secrets, are being disclosed in the console logs by default, and are not protected by the no_log feature when those modules are used. An attacker can exploit this information to steal those credentials. The greatest threat posed by this...
CVE-2026-40212
OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...
CVE-2026-40212
OpenStack Skyline contains a DOM-based XSS in the console interface prior to 5.0.1, 6.0.0, and 7.0.0 due to unsafe use of document.write when administrators view instance console logs. Root cause is unsafe DOM manipulation in the console web UI. Impact is cross-site scripting in the admin console...
EUVD-2019-19952
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
PT-2026-20592
Name of the Vulnerable Software and Affected Versions: Web Accessibility by accessiBe versions up to and including 2.11. Description: The Web Accessibility by accessiBe plugin for WordPress is susceptible to exposure of sensitive information. This occurs because the accessibe render js in footer...
EUVD-2013-5031
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-20178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the...
Linux Distros Unpatched Vulnerability : CVE-2021-20180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the...
Linux Distros Unpatched Vulnerability : CVE-2021-20191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those...
CVE-2013-5191
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions...
Updatecli exposes Maven credentials in console output
Summary: Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details: During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...
CVE-2024-41111
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...
CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...
Malicious code in console-logs (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-4992 Malicious code in console-logs (PyPI)
--- -= Per source details. Do not edit below this line.=-...
TIBCO Software Hawk Trust Management Issue Vulnerability
TIBCO Software Hawk is a software product from TIBCO Software that allows monitoring and management of distributed computing applications. A security vulnerability exists in several products, including TIBCO Software Hawk, which stems from a vulnerability that allows an attacker to access the log...
SUSE CVE-2021-20180
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerabili...