329 matches found

Prion
added 2021/11/02 12:15 p.m. | 15 views

Design/Logic Flaw

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

5 CVSS | 7.6 AI score | 0.00588 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2021/11/02 11:39 a.m. | 46 views

CVE-2021-37842

CVE-2021-37842 affects Couchbase Server 7.0.0 (metakv). The issue arises from using cleartext storage of sensitive information, enabling potential leakage of Remote Cluster XDCR credentials in debug logs when a config key being logged has an attached tombstone purge timestamp. The Connected docum...

7.5 CVSS | 7.5 AI score | 0.00588 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/11/02 11:39 a.m. | 15 views

CVE-2021-37842

metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...

7.8 AI score | 0.00588 EPSS
Exploits 0 | References 2

NVD
added 2021/07/06 11:15 a.m. | 16 views

CVE-2021-24005

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...

7.5 CVSS | 0.00563 EPSS
Exploits 0 | References 1

OSV
added 2021/07/06 11:15 a.m. | 6 views

CVE-2021-24005

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...

7.5 CVSS | 7.1 AI score | 0.00563 EPSS
Exploits 0 | References 1

Cvelist
added 2021/07/06 10:56 a.m. | 22 views

CVE-2021-24005

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...

4 CVSS | 7.7 AI score | 0.00563 EPSS
Exploits 0 | References 1

Vulnrichment
added 2021/07/06 10:56 a.m. | 5 views

CVE-2021-24005

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...

4 CVSS | 5.4 AI score | 0.00563 EPSS
Exploits 0 | References 1

CNNVD
added 2021/06/09 12:0 a.m. | 5 views

Palo Alto Networks Prisma Cloud Log Information Disclosure Vulnerability

Palo Alto Networks Prisma Cloud is a comprehensive cloud-native security platform from US-based Palo Alto Networks, Inc. that provides cloud security services. Palo Alto Networks Prisma Cloud Compute suffers from a log information disclosure vulnerability that originates when a secret used to authoriz...

5.5 CVSS | 5.3 AI score | 0.00537 EPSS
Exploits 0 | References 3

Fortinet
added 2021/06/01 12:0 a.m. | 33 views

FortiAuthenticator - Hard-coded cryptographic keys used to encrypt sensitive data

Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...

5 CVSS | 7.2 AI score | 0.00563 EPSS
Exploits 0 | Affected Software 1

OSV
added 2021/05/19 7:15 p.m. | 4 views

CVE-2021-25644

An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...

7.5 CVSS | 7.1 AI score | 0.00638 EPSS
Exploits 0 | References 2

OSV
added 2021/04/14 8:4 p.m. | 39 views

GO-2021-0064 Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go

Authorization tokens may be inappropriately logged if the verbosity level is set to a debug level. This is due to an incomplete fix for CVE-2019-11250...

5.5 CVSS | 6.2 AI score | 0.00512 EPSS
Exploits 0 | References 3

NVD
added 2021/03/18 8:15 p.m. | 16 views

CVE-2021-25764

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs...

5.3 CVSS | 0.00768 EPSS
Exploits 0 | References 2

OSV
added 2021/03/18 8:15 p.m. | 6 views

CVE-2021-25764

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs...

5.3 CVSS | 5.8 AI score | 0.00768 EPSS
Exploits 0 | References 2

Prion
added 2021/03/18 8:15 p.m. | 20 views

Code injection

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs...

5 CVSS | 5.4 AI score | 0.00768 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/03/18 7:20 p.m. | 18 views

CVE-2021-25764

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs...

6.7 AI score | 0.00768 EPSS
Exploits 0 | References 2

CVE
added 2021/03/18 7:20 p.m. | 629 views

CVE-2021-25764

PhpStorm (JetBrains) before 2020.3 is affected: the issue lets source code be written into debug logs (“Source code could be added to debug logs”). The vulnerability affects PhpStorm’s logging path and can lead to information disclosure via logs. The issue is tracked as CVE-2021-25764. Remediatio...

5.3 CVSS | 5.4 AI score | 0.00768 EPSS
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2021/03/09 6:38 p.m. | 18 views

Security Bulletin: IBM Verify Gateway PAM components do not set restricted access permission for debug logs (CVE-2020-4405)

Summary: To debug the IBM Verify Gateway (IVG) PAM components, customers can add "trace-file" parameters in the PAM configuration so that .log files are written to the /tmp directory. These debug logs potentially contain sensitive information, and yet they default to world-readable. They should have...

4.3 CVSS | 0.5 AI score | 0.00922 EPSS
Exploits 0 | Affected Software 1

CNVD
added 2020/09/14 12:0 a.m. | 3 views

McAfee Endpoint Security Access Control Error Vulnerability (CNVD-2020-52034)

McAfee Endpoint Security (ENS) is a framework from the US company McAfee for providing intelligent collaboration and advanced threat defense. The framework supports the entire threat defense lifecycle of real-time communications control, actionable threat forensics and so on...

4.7 CVSS | 6.3 AI score | 0.00246 EPSS
Exploits 0 | References 1

NVD
added 2020/09/09 10:15 a.m. | 19 views

CVE-2020-7322

Information Disclosure Vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs...

4.7 CVSS | 0.00246 EPSS
Exploits 0 | References 1

OSV
added 2020/09/09 10:15 a.m. | 5 views

CVE-2020-7322

Information Disclosure Vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrectly logging of sensitive information in debug logs...

4.7 CVSS | 5.8 AI score | 0.00246 EPSS
Exploits 0 | References 1