48 matches found
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2375)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2349)
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...
SUSE SLES15 / openSUSE 15 Security Update : cloud-init (SUSE-SU-2023:2628-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2628-1 advisory. - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. bsc1210277 - CVE-2022-2084: Fixed a bug which...
CVE-2022-2084
A vulnerability was found in cloud-init. With this flaw, sensitive data could be exposed in world-readable cloud-init logs when schema failures are reported. This issue leak could include hashed passwords...
SUSE CVE-2022-2084
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...
CVE-2022-2084
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...
DEBIAN-CVE-2022-2084
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...
SUSE CVE-2013-0345
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information...
SUSE CVE-2022-48258
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles...
PT-2023-15654 · Unknown · Eternal Terminal
Name of the Vulnerable Software and Affected Versions: Eternal Terminal version 6.2.1 Description: The issue concerns world-readable logfiles in etserver and etclient. Recommendations: For Eternal Terminal version 6.2.1, restrict access to the logfiles of etserver and etclient to prevent...
UBUNTU-CVE-2022-2084
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...
PT-2022-14845 · Unknown +6 · Cloud-Init +6
Name of the Vulnerable Software and Affected Versions: cloud-init versions prior to 22.3 Description: Sensitive data could be exposed in world-readable logs of cloud-init when schema failures are reported, potentially including hashed passwords. This issue may allow an attacker to gain unauthoriz...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : cloud-init vulnerability (USN-5496-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5496-1 advisory. Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs...
IBM Sterling Gentran 日志信息泄露漏洞
IBM Sterling Gentran is a versatile, high-performance solution from IBM USA designed to help exchange EDI and other types of data. A log information disclosure vulnerability exists in IBM Sterling Gentran that stems from storing potentially sensitive information in log files that can be read by...
CVE-2021-34688
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...
tripleo-ansible 信息泄露漏洞
tripleo-ansible is an application. Ansible scripts, roles and plugins for TripleO. An information disclosure vulnerability exists in tripleo-ansible. The vulnerability stems from the Ansible log file being readable to all users during stack updates and creation...
Information Disclosure
cloud-init is vulnerable to Information Disclosure. When a user specified configuration which would generate random passwords for users, cloud-init causes those passwords to be written to the serial console by emitting them on stderr. In the default configuration, any stdout or stderr emitted by...
CVE-2020-4405
IBM Verify Gateway IVG 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484...
CVE-2020-4405
IBM Verify Gateway IVG 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484...
PT-2019-5309 · Openstack +1 · Openstack-Mistral +1
Name of the Vulnerable Software and Affected Versions: openstack-mistral affected versions not specified Description: An information-exposure issue was found in openstack-mistral where undercloud log files containing clear-text information were made world readable. This could allow a malicious...