Lucene search
+L

48 matches found

nessus
nessus
added 2023/07/18 12:0 a.m.27 views

EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2375)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...

5.5CVSS5.7AI score0.00236EPSS
Exploits0References2
nessus
nessus
added 2023/07/18 12:0 a.m.18 views

EulerOS 2.0 SP10 : cloud-init (EulerOS-SA-2023-2349)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could...

5.5CVSS5.7AI score0.00236EPSS
Exploits0References2
nessus
nessus
added 2023/06/26 12:0 a.m.27 views

SUSE SLES15 / openSUSE 15 Security Update : cloud-init (SUSE-SU-2023:2628-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2628-1 advisory. - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. bsc1210277 - CVE-2022-2084: Fixed a bug which...

5.5CVSS6.2AI score0.00263EPSS
Exploits0References9
redhatcve
redhatcve
added 2023/04/20 5:30 a.m.31 views

CVE-2022-2084

A vulnerability was found in cloud-init. With this flaw, sensitive data could be exposed in world-readable cloud-init logs when schema failures are reported. This issue leak could include hashed passwords...

5.5CVSS6AI score0.00236EPSS
Exploits0References3
susecve
susecve
added 2023/04/20 2:8 a.m.4 views

SUSE CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

5.5CVSS6.8AI score0.00236EPSS
Exploits0References8
nvd
nvd
added 2023/04/19 10:15 p.m.14 views

CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

5.5CVSS5.3AI score0.00236EPSS
Exploits0References2
osv
osv
added 2023/04/19 10:15 p.m.2 views

DEBIAN-CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

5.5CVSS5.4AI score0.00236EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0345

varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information...

2.1CVSS6.3AI score0.00374EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:22 a.m.4 views

SUSE CVE-2022-48258

In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles...

5.3CVSS5.5AI score0.01071EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/01/13 12:0 a.m.3 views

PT-2023-15654 · Unknown · Eternal Terminal

Name of the Vulnerable Software and Affected Versions: Eternal Terminal version 6.2.1 Description: The issue concerns world-readable logfiles in etserver and etclient. Recommendations: For Eternal Terminal version 6.2.1, restrict access to the logfiles of etserver and etclient to prevent...

5.3CVSS6.8AI score0.01071EPSS
Exploits2References18
osv
osv
added 2022/06/29 9:0 p.m.6 views

UBUNTU-CVE-2022-2084

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

5.5CVSS6AI score0.00236EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/06/29 12:0 a.m.10 views

PT-2022-14845 · Unknown +6 · Cloud-Init +6

Name of the Vulnerable Software and Affected Versions: cloud-init versions prior to 22.3 Description: Sensitive data could be exposed in world-readable logs of cloud-init when schema failures are reported, potentially including hashed passwords. This issue may allow an attacker to gain unauthoriz...

5.5CVSS6.7AI score0.00263EPSS
Exploits0References37
nessus
nessus
added 2022/06/29 12:0 a.m.33 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : cloud-init vulnerability (USN-5496-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5496-1 advisory. Mike Stroyan discovered that cloud-init could log password hashes when reporting schema failures. An attacker with access to these logs...

5.5CVSS5.7AI score0.00236EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/01/14 12:0 a.m.4 views

IBM Sterling Gentran 日志信息泄露漏洞

IBM Sterling Gentran is a versatile, high-performance solution from IBM USA designed to help exchange EDI and other types of data. A log information disclosure vulnerability exists in IBM Sterling Gentran that stems from storing potentially sensitive information in log files that can be read by...

5.5CVSS5.2AI score0.00252EPSS
Exploits0References3
attackerkb
attackerkb
added 2021/07/15 2:15 p.m.2 views

CVE-2021-34688

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an...

3.3CVSS6AI score0.00162EPSS
Exploits0References3
cnnvd
cnnvd
added 2021/04/29 12:0 a.m.6 views

tripleo-ansible 信息泄露漏洞

tripleo-ansible is an application. Ansible scripts, roles and plugins for TripleO. An information disclosure vulnerability exists in tripleo-ansible. The vulnerability stems from the Ansible log file being readable to all users during stack updates and creation...

7.5CVSS7.2AI score0.00998EPSS
Exploits0References4
veracode
veracode
added 2021/03/20 8:16 a.m.5 views

Information Disclosure

cloud-init is vulnerable to Information Disclosure. When a user specified configuration which would generate random passwords for users, cloud-init causes those passwords to be written to the serial console by emitting them on stderr. In the default configuration, any stdout or stderr emitted by...

5.5CVSS6.5AI score0.00219EPSS
Exploits0References2Affected Software5
osv
osv
added 2020/07/27 2:15 p.m.3 views

CVE-2020-4405

IBM Verify Gateway IVG 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484...

4.3CVSS5.7AI score0.00922EPSS
Exploits0References2
nvd
nvd
added 2020/07/27 2:15 p.m.18 views

CVE-2020-4405

IBM Verify Gateway IVG 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484...

4.3CVSS3.7AI score0.00922EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2019/11/08 12:0 a.m.7 views

PT-2019-5309 · Openstack +1 · Openstack-Mistral +1

Name of the Vulnerable Software and Affected Versions: openstack-mistral affected versions not specified Description: An information-exposure issue was found in openstack-mistral where undercloud log files containing clear-text information were made world readable. This could allow a malicious...

7.5CVSS6.4AI score0.0152EPSS
Exploits0References18
Rows per page
Query Builder