57 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUGQLA1280 enabled and qldebuglevel 2. I think its clear from the code that the...
CVE-2026-4659
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insufficient path traversal sanitization in the URLtoRelative and urlToPath functions, combined with the...
CVE-2026-23303
A flaw was found in the Linux kernel's Server Message Block SMB client. When debug logging is enabled, the cifssetcifscreds function logs plaintext credentials, including usernames and passwords. This information disclosure vulnerability allows a local attacker with access to the debug logs to...
GHSA-8GGH-XWR9-3373 Ansible Community General Collection is vulnerable to exposure of sensitive information
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
DEBIAN-CVE-2025-14010
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and...
PT-2025-49009
Name of the Vulnerable Software and Affected Versions ansible-collection-community-general affected versions not specified Description A flaw exists in ansible-collection-community-general that can lead to information exposure of sensitive credentials, specifically plaintext passwords. This occur...
Linux Distros Unpatched Vulnerability : CVE-2025-14010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure IE of sensitive credentials, specifically plaintext...
EUVD-2025-31616
Malicious code in bioql PyPI...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031 Medical Informatics Engineering Enterprise Health includes session token in debug output
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031 Medical Informatics Engineering Enterprise Health includes session token in debug output
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health is affected by CVE-2025-35031, where the software includes the user’s current session token in debug output. This enables an attacker to impersonate the user if the token is exfiltrated (e.g., via the user sending debug output). The issue is fixed...
PT-2025-39872
Name of the Vulnerable Software and Affected Versions Medical Informatics Engineering Enterprise Health affected versions not specified Description The software includes a user's current session token in debug output. An attacker could potentially convince a user to send this output to the...
Medical Informatics Engineering Enterprise Health 安全漏洞
Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from the inclusion of a user's current session token in the debug output, which...
Security update for python-oslo.utils
This update for python-oslo.utils fixes the following issues: CVE-2022-0718: Fixed incorrect password masking in debug output. bsc1196454 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...
DEBIAN-CVE-2025-21957
In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUGQLA1280 enabled and qldebuglevel 2. I think its clear from the code that the...
U.S. Dept Of Defense: Debug Info disclose
A debug information disclosure vulnerability was discovered. The vulnerability allowed the disclosure of debug output information through a specific request parameter. The vulnerability has been reported but no further details are provided...
DEBIAN-CVE-2023-52908
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource manager might be NULL, when/if we print debug information...