241 matches found

OSV
added 2020/07/29 5:15 p.m., 3 views

CVE-2020-15125

In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...

CVSS 7.7 | AI score 7 | EPSS 0.01539
Exploits 0 | References 4
NVD
added 2020/07/29 5:15 p.m., 7 views

CVE-2020-15125

In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...

CVSS 7.7 | AI score 7.4 | EPSS 0.01539
Exploits 0 | References 4
ATTACKERKB
added 2020/07/29 5:15 p.m., 2 views

CVE-2020-15125

In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...

CVSS 7.7 | AI score 5.4 | EPSS 0.01539
Exploits 0 | References 5 | Affected Software 1
Prion
added 2020/07/29 5:15 p.m., 10 views

Authorization

In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...

CVSS 4 | AI score 7.4 | EPSS 0.01539
Exploits 0 | References 4 | Affected Software 1
OSV
added 2020/07/29 4:26 p.m., 24 views

GHSA-5JPF-PJ32-XX53 Authorization header is not sanitized in an error object in auth0

Overview Versions before and including 2.27.0 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to Auth0 management API fails, the key for Authorization header is not sanitized and the Authorization header value can be...

CVSS 7.7 | AI score 7.5 | EPSS 0.01539
Exploits 0 | References 5
Github Security Blog
added 2020/07/29 4:26 p.m., 65 views

Authorization header is not sanitized in an error object in auth0

Overview Versions before and including 2.27.0 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to Auth0 management API fails, the key for Authorization header is not sanitized and the Authorization header value can be...

CVSS 7.7 | AI score 1.3 | EPSS 0.01539
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2020/07/29 4:25 p.m., 13 views

CVE-2020-15125 Authorization header is not sanitized in an error object in auth0

In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...

CVSS 7.7 | AI score 7.4 | EPSS 0.01539
Exploits 0 | References 4
CNVD
added 2020/06/28 12:00 a.m., 6 views

ActiveMQ Artemis management API Password Disclosure Vulnerability

Apache ActiveMQ Artemis is a project of the US-based Apache Software Foundation that provides embedded messaging services for Java applications. A password disclosure vulnerability exists in the ActiveMQ Artemis management API product, which stems from the program storing passwords in...

CVSS 5.5 | AI score 6.4 | EPSS 0.0069
Exploits 0 | References 1
Prion
added 2020/06/26 4:15 p.m., 22 views

Design/Logic Flaw

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file etc/artemis-users.properties file when executing the resetUsers operation. A local attacker can use this flaw to read the...

CVSS 2.1 | AI score 5.3 | EPSS 0.0069
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2020/06/26 3:38 p.m., 21 views

CVE-2020-10727

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file etc/artemis-users.properties file when executing the resetUsers operation. A local attacker can use this flaw to read the...

AI score 5 | EPSS 0.0069
Exploits 0 | References 3
CVE
added 2020/06/26 3:38 p.m., 139 views

CVE-2020-10727

CVE-2020-10727 affects ActiveMQ Artemis management API from version 2.7.0 up to 2.12.0. The root cause is that during the resetUsers operation, passwords are stored in plaintext in the Artemis shadow file (etc/artemis-users.properties), enabling a local attacker to read the shadow file contents. ...

CVSS 5.5 | AI score 5 | EPSS 0.0069
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2020/06/25 7:11 a.m., 35 views

CVE-2020-10727

A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file etc/artemis-users.properties file when executing the resetUsers operation. A local attacker can use this flaw to read the...

CVSS 2.1 | AI score 4.7 | EPSS 0.0069
Exploits 0 | References 4
OSV
added 2020/06/10 5:15 p.m., 1 view

DEBIAN-CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

CVSS 6.5 | AI score 6.2 | EPSS 0.01203
Exploits 0 | References 1
Prion
added 2020/06/10 5:15 p.m., 17 views

Default credentials

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

CVSS 4.3 | AI score 6.3 | EPSS 0.01203
Exploits 0 | References 3 | Affected Software 2
Cvelist
added 2020/06/10 3:55 p.m., 14 views

CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

CVSS 6.5 | AI score 6.3 | EPSS 0.01203
Exploits 0 | References 3
RedhatCVE
added 2020/06/03 11:22 p.m., 22 views

CVE-2020-10755

An insecure-credentials flaw was found in openstack-cinder. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the connectioninfo element in all Block Storage v3 Attachments API calls containing that element...

CVSS 4.3 | AI score 0.9 | EPSS 0.01203
Exploits 0 | References 4
CNVD
added 2019/11/08 12:00 a.m., 4 views

Portainer Access Control Error Vulnerability

Portainer is an open source lightweight management UI that allows you to easily manage Docker hosts or clusters. An access control error vulnerability exists in Portainer versions prior to 1.22.1. An attacker can exploit this vulnerability to gain full privileges to the host file system via the...

CVSS 8.8 | AI score 7.1 | EPSS 0.01036
Exploits 0 | References 1
Tenable Nessus
added 2019/07/19 12:00 a.m., 24 views

Palo Alto Networks PAN-OS 7.1.x < 7.1.24 / 8.0.x < 8.0.19 / 8.1.x < 8.1.8-h5 / 9.0.x < 9.0.2-h4 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.24 or 8.0.x prior to 8.0.19 or 8.1.x prior to 8.1.8-h5 or 9.0.x prior to 9.0.2-h4. It is, therefore, affected by an information disclosure vulnerability in the management API which could lead to the disclosu...

CVSS 8.8 | AI score 7.9 | EPSS 0.01683
Exploits 0 | References 2
Palo Alto Networks
added 2019/07/15 10:15 p.m., 9 views

Information Disclosure in PAN-OS Management API Usage

An Information Disclosure vulnerability exists in PAN-OS Management API usage (Ref PAN-107239 and PAN-118869 / CVE-2019-1575). Successful exploitation may allow an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...

CVSS 8.8 | AI score 7.1 | EPSS 0.01683
Exploits 0 | References 1
Palo Alto Networks
added 2019/07/15 10:15 p.m., 56 views

Information Disclosure in PAN-OS Management API Usage

An Information Disclosure vulnerability exists in PAN-OS Management API usage (Ref PAN-107239 and PAN-118869 / CVE-2019-1575). Successful exploitation may allow an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...

AI score 1.6 | EPSS 0.01683
Exploits 0 | References 1 | Affected Software 1