1177 matches found

Cvelist
added 2024/03/02 7:35 a.m. · 16 views

CVE-2024-1775 Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description

The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 · AI score 5.6 · EPSS 0.00273
Exploits 0 · References 2

Vulnrichment
added 2024/03/02 7:35 a.m. · 9 views

CVE-2024-1775 Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description

The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 · AI score 6.6 · EPSS 0.00273
Exploits 0 · References 2

Positive Technologies
added 2024/03/02 12:0 a.m. · 4 views

PT-2024-18296 · WordPress · Nextend Social Login/Register

Name of the Vulnerable Software and Affected Versions: Nextend Social Login and Register plugin for WordPress versions up to, and including, 3.1.12 Description: The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the error...

CVSS 5.4 · AI score 8.6 · EPSS 0.00273
Exploits 0 · References 8

OSV
added 2024/01/30 8:56 p.m. · 16 views

GHSA-2WGC-48G2-CJ5W vantage6 has insecure SSH configuration for node and server containers

Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

CVSS 6.5 · AI score 7.9 · EPSS 0.00226
Exploits 0 · References 5

Veracode
added 2024/01/23 5:53 p.m. · 17 views

Information Exposure

Dependency-Check Core is vulnerable to Information Exposure Through Log Files. The vulnerability is due to the logging of sensitive information when in debug mode. An attacker with access to debug logs could potentially retrieve the NVD API Key and use it to perform arbitrary actions...

CVSS 5.3 · AI score 6.5 · EPSS 0.0065
Exploits 0 · References 7 · Affected Software 1

OSV
added 2024/01/20 12:30 a.m. · 21 views

GHSA-FRXM-V7Q3-V2WV Insertion of Sensitive Information into Log File in OWASP DependencyCheck

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

CVSS 5.3 · AI score 5 · EPSS 0.0065
Exploits 0 · References 5

OSV
added 2024/01/19 10:15 p.m. · 12 views

CVE-2024-23686

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

CVSS 5.3 · AI score 5.2
Exploits 0 · References 3

Prion
added 2024/01/19 10:15 p.m. · 13 views

Design/Logic Flaw

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

CVSS 5 · AI score 6.9 · EPSS 0.0065
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/01/19 9:12 p.m. · 13 views

CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

AI score 5.4 · EPSS 0.0065
Exploits 0 · References 3

Vulnrichment
added 2024/01/19 9:12 p.m. · 2 views

CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

AI score 5.2 · EPSS 0.0065
Exploits 0 · References 3

CVE
added 2024/01/19 9:12 p.m. · 83 views

CVE-2024-23686

CVE-2024-23686 affects DependencyCheck components: Maven (9.0.0–9.0.6), CLI (9.0.0–9.0.5), and Ant (9.0.0–9.0.5). The root cause is that in debug mode, logging sensitive data exposes the NVD API Key via log files, enabling an attacker with log access to recover the key. Several connected sources ...

CVSS 5.3 · AI score 5.2 · EPSS 0.0065
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2023/12/18 7:21 a.m. · 12 views

Information Disclosure

org.owasp/dependency-check is vulnerable to Information Disclosure. The vulnerability is due to the nvdApiKey not being masked because it doesn't match the specified patterns. As a result, when debug mode is enabled using mvn -X, the API key is logged in clear text. This exposes the NVD API key...

AI score 6.9
Exploits 0

Positive Technologies
added 2023/12/18 12:0 a.m. · 3 views

PT-2023-28197 · Gallagher · Gallagher Controller 6000

Name of the Vulnerable Software and Affected Versions: Gallagher Controller 6000 versions 8.60 or earlier Gallagher Controller 6000 versions 8.70 prior to vCR8.70.231204a Description: Sensitive information is not properly cleared after a debug or power state transition in the Controller 6000. Thi...

CVSS 4.6 · AI score 4.5 · EPSS 0.00115
Exploits 0 · References 6

Github Security Blog
added 2023/12/15 11:43 p.m. · 56 views

nvdApiKey is logged in debug mode

Summary The value of nvdApiKey configuration parameter is logged in clear text in debug mode. Details The NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode. Expecting the same behavior as for several password configurations: just print Note that...

AI score 7.1
Exploits 0 · References 2 · Affected Software 3

OSV
added 2023/12/15 11:43 p.m. · 116 views

GHSA-QQHQ-8R2C-C3F5 nvdApiKey is logged in debug mode

Summary The value of nvdApiKey configuration parameter is logged in clear text in debug mode. Details The NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode. Expecting the same behavior as for several password configurations: just print Note that...

CVSS 3.3 · AI score 5.1 · EPSS 0.0065
Exploits 0 · References 2

Positive Technologies
added 2023/12/15 12:0 a.m. · 4 views

PT-2023-32948 · Unknown · Dependencycheck For Ant +2

Name of the Vulnerable Software and Affected Versions: DependencyCheck for Maven versions 9.0.0 through 9.0.6 DependencyCheck for CLI versions 9.0.0 through 9.0.5 DependencyCheck for Ant versions 9.0.0 through 9.0.5 Description: The issue allows an attacker to recover the NVD API Key from a log...

CVSS 5.3 · AI score 5 · EPSS 0.0065
Exploits 0 · References 11

OSV
added 2023/12/04 11:15 p.m. · 1 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

CVSS 7.2 · AI score 5.8
Exploits 0 · References 1

CNNVD
added 2023/12/04 12:0 a.m. · 1 views

Sierra Wireless ALEOS Trust Management Issue Vulnerability

Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A vulnerability with trust management issues exists in Sierra Wireless ALEOS 4.16 and prior versions, which stems from a user being able to gain root privileges or...

CVSS 8.1 · AI score 7.1 · EPSS 0.00015
Exploits 0 · References 3

MongoDB
added 2023/11/07 12:41 p.m. · 39 views

Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...

CVSS 7.5 · AI score 6.5 · EPSS 0.00294
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/11/07 11:44 a.m. · 13 views

CVE-2023-0436 Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...

CVSS 4.5 · AI score 7.6 · EPSS 0.00294
Exploits 0 · References 1