14 matches found
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
Toshiba e-STUDIO Security Vulnerability
Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that stems from critical information being contained in debug log files, which could be stolen by a third party with access to the multifunction device...
CVE-2023-45585
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
Tenable Network Security Nessus 安全漏洞
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. A security vulnerability exists in Nessus. An attacker can exploit this vulnerability to read Nessus debug log file attachments from the web UI without proper privileges...
Graylog Privilege Permission and Access Control Issues Vulnerability
Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing and analyzing logs in real time, among other things. Graylog suffers from a privilege permission and access control issue vulnerability that stems from a session ID leak in the DEBUG log fil...
CVE-2021-3039
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
CVE-2021-3039
CVE-2021-3039 affects Palo Alto Networks Prisma Cloud Compute Console. The issue is an information exposure where a secret used to authorize the authenticated user’s role is logged to a debug log file, enabling an authenticated Operator or Auditor with log access to potentially elevate to Adminis...
Prisma Cloud Compute: User role authorization secret for Console leaked through log file export
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
PYSEC-2020-268
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
Information disclosure
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
PYSEC-2020-41
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
IBM Robotic Process Automation with Automation Anywhere Information Disclosure Vulnerability (CNVD-2019-20993)
IBM Robotic Process Automation with Automation Anywhere is a suite of process automation solutions from IBM USA. An information disclosure vulnerability exists in IBM Robotic Process Automation with Automation Anywhere version 11.0. An attacker could exploit this vulnerability to obtain email...
Default credentials
Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files...