EUVD-2020-3812

Malware in sbrugna...

Cleartext Storage Of Sensitive Information

PMD is vulnerable to Cleartext Storage of Sensitive Information. The vulnerability is due to exposed signing key passphrases due to their inclusion in a published JAR file on Maven Central, potentially compromising the associated private keys...

CVE-2020-11458

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from...

CVE-2020-11458

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from...

Code injection

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from...

CVE-2020-11458

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from...

CVE-2019-6693

Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords except the...

CVE-2019-6648

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

Design/Logic Flaw

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

PT-2019-18230 · F5 +1 · F5 Container Ingress Service +3

Name of the Vulnerable Software and Affected Versions: F5 Container Ingress Service CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr version 1.9.0 Description: The issue concerns the logging of sensitive information. When DEBUG logging is enabled on the affected version, log files may...

CVE-2017-8442

Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated...