76 matches found
CVE-2021-21270
OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is...
Unspecified Vulnerability in JetBrains IntelliJ IDEA Ultimate
JetBrains IntelliJ IDEA Ultimate is a Czech JetBrains integrated development environment for the Java language. A security vulnerability exists in JetBrains IntelliJ IDEA Ultimate that originates from the program logging server credentials in plaintext to the IDE configuration file. An attacker...
RSA Archer Information Disclosure Vulnerability (CNVD-2019-08462)
Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An information disclosure vulnerability exists in Dell EMC RSA Archer...
Juniper ATP Information Disclosure Vulnerability (CNVD-2019-24380)
Juniper Advanced Threat Prevention ATP is a suite of advanced threat protection platforms from Juniper Networks. The product supports malware detection, file analysis, and malicious IP address and URL blocking. An information disclosure vulnerability exists in Juniper ATP version 5.0.3 prior to...
Information Disclosure
jboss-as-web is vulnerable to information disclosure attacks. The vulnerability exists as the security audit functionality in Red Hat JBoss Enterprise Application Platform EAP 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the l...
ansible: become password logged in plaintext when used with PowerShell on Windows
Execution of Ansible content on Microsoft's Windows platform with Powershell 5 or higher may disclose sensitive execution details including 'become' passwords, Ansible module arguments, and return values via Powershell's 'suspicious scriptblock logging' feature, which is enabled by default. The...
Information Disclosure
sensu is vulnerable to information disclosure. The library does not properly redact passwords or keys in arrays and hashmaps, causing the sensitive information to be logged as plaintext...
MGASA-2015-0227 Updated ruby-rest-client packages fix security vulnerabilities
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...
Updated ruby-rest-client packages fix security vulnerabilities
Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...
CVE-2014-0058
The security audit functionality in Red Hat JBoss Enterprise Application Platform EAP 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files...
CVE-2014-0058
CVE-2014-0058 affects Red Hat JBoss EAP 6.x prior to 6.2.1. The security audit feature logs request parameters in plaintext, which could let a local attacker with access to audit logs obtain passwords or credentials. Public references in connected documents confirm Red Hat addressed this via a se...
Cisco Prime Central for HCS Portal Credentials Access Vulnerability
A vulnerability in Cisco Prime Central for HCS portal could allow an authenticated, local attacker to retrieve the credentials for accounts. The vulnerability is due to plaintext logging of credentials to temporary files with inadequate permissions. An attacker could exploit this vulnerability by...
CVE-2013-2006
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
CVE-2013-2006
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
CVE-2013-2006
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
CVE-2012-2746
CVE-2012-2746 affects 389-ds-base/Red Hat Directory Server prior to 1.2.11.6: when an LDAP user password is changed and audit logging is enabled, the new password is saved to logs in plain text, permitting remote authenticated users to read it. Affected version note appears in multiple advisories...