Lucene search

16 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-50123

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.6 | EPSS 0.0012
Exploits 0 | References 1

NVD
added 2025/03/28 2:15 p.m. | 6 views

CVE-2025-2861

SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately...

CVSS 7.5 | EPSS 0.00171
Exploits 0 | References 1

Github Security Blog
added 2023/12/13 6:31 p.m. | 21 views

Displayed in plain text by Dingding JSON Pusher Plugin

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3 | AI score 7 | EPSS 0.00032
Exploits 0 | References 4 | Affected Software 1

NVD
added 2023/07/28 12:15 p.m. | 9 views

CVE-2023-2685

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started...

CVSS 7.2 | AI score 6.9 | EPSS 0.00047
Exploits 0 | References 1

Prion
added 2023/07/28 12:15 p.m. | 6 views

Design/Logic Flaw

A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started...

CVSS 3.4 | AI score 6.2 | EPSS 0.00047
Exploits 0 | References 1 | Affected Software 1

OSV
added 2023/07/26 3:30 p.m. | 23 views

GHSA-5JC5-M87X-88FJ Secret displayed without masking by Chef Identity Plugin

Chef Identity Plugin stores the user.pem key in its global configuration file io.chef.jenkins.ChefIdentityBuildWrapper.xml on the Jenkins controller as part of its configuration. While this key is stored encrypted on disk, in Chef Identity Plugin 2.0.3 and earlier the global configuration form do...

CVSS 3.1 | AI score 5.4 | EPSS 0.00148
Exploits 0 | References 3

Github Security Blog
added 2023/07/26 3:30 p.m. | 13 views

Secret displayed without masking by Chef Identity Plugin

Chef Identity Plugin stores the user.pem key in its global configuration file io.chef.jenkins.ChefIdentityBuildWrapper.xml on the Jenkins controller as part of its configuration. While this key is stored encrypted on disk, in Chef Identity Plugin 2.0.3 and earlier the global configuration form do...

CVSS 5.3 | AI score 6.6 | EPSS 0.00148
Exploits 0 | References 4 | Affected Software 1

Github Security Blog
added 2023/04/12 6:30 p.m. | 17 views

Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted

Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file org.jenkinsci.plugins.consulkv.GlobalConsulConfig.xml on the Jenkins controller as part of its configuration. This token can be viewed by users with access to the...

CVSS 6.5 | AI score 6.6 | EPSS 0.0025
Exploits 0 | References 4 | Affected Software 1

OSV
added 2022/10/19 7:0 p.m. | 14 views

GHSA-MF4P-WJRM-CMJP AWS secrets displayed without masking by Jenkins S3 Explorer Plugin

S3 Explorer Plugin stores AWSSECRETACCESSKEY in its global configuration file s3explorer.xml on the Jenkins controller as part of its configuration. While this secret is stored encrypted on disk, in S3 Explorer Plugin 1.0.8 and earlier the global configuration form does not mask the...

CVSS 3.1 | AI score 5.6 | EPSS 0.00589
Exploits 0 | References 4

NVD
added 2020/06/29 2:15 p.m. | 10 views

CVE-2019-18248

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure...

CVSS 4.3 | EPSS 0.00027
Exploits 0 | References 1

CNVD
added 2019/08/27 12:0 a.m. | 1 views

Google Android Information Disclosure Vulnerability (CNVD-2019-37945)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. An information disclosure vulnerability exists in System in Android Q. The vulnerability stems from errors such as configuration during operation of a networked system or product. An attacker cou...

CVSS 7.5 | AI score 6.1 | EPSS 0.00312
Exploits 0 | References 1

NVD
added 2017/09/22 4:29 p.m. | 10 views

CVE-2017-11396

Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections...

CVSS 9 | AI score 7.3 | EPSS 0.0088
Exploits 0 | References 1

Exploit DB
added 2016/09/01 12:0 a.m. | 25 views

FortiClient SSLVPN 5.4 - Credentials Disclosure

''' Title : Extracting clear text passwords from running processesFortiClient CVE-ID : none Product : FortiClient SSLVPN Service : FortiTray.exe Affected : =5.4 Impact : Critical Remote : No Website link : http://forticlient.com/ Reported : 31/08/2016 Authors : Viktor Minin https://1-33-7.com...

AI score 7.4
Exploits 0

Xen Project
added 2015/03/12 12:0 p.m. | 73 views

HVM qemu unexpectedly enabling emulated VGA graphics backends

ISSUE DESCRIPTION When instantiating an emulated VGA device for an x86 HVM guest qemu will by default enable a backend to expose that device, either SDL or VNC depending on the version of qemu and the build time configuration. The libxl toolstack library does not explicitly disable these default...

CVSS 1.9 | AI score 9.4 | EPSS 0.00076
Exploits 0

OpenVAS
added 2005/11/03 12:0 a.m. | 19 views

Amanda client version

This detects the Amanda backup system client version. The client version gives potential attackers additional information about the system they are attacking. SPDX-FileCopyrightText: 2005 Paul J. Ewing Jr. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

AI score 6.9
Exploits 0

OpenVAS
added 2005/11/03 12:0 a.m. | 20 views

Amanda Index Server version

This test detects the Amanda Index Server's version by connecting to the server and processing the buffer received. This information gives potential attackers additional information about the system they are attacking. Version numbers should be omitted where possible. OpenVAS Vulnerability Test...

AI score 7.2
Exploits 0