51 matches found
EUVD-2015-1739
Malware in sbrugna...
EUVD-2025-10696
Malicious code in bioql PyPI...
PT-2025-34059
Name of the Vulnerable Software and Affected Versions: SMB affected versions not specified Description: A vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and th...
CVE-2024-45643 IBM QRadar EDR information disclosure
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information...
CVE-2024-45497
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...
CVE-2022-38714
IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060...
Security Bulletin: IBM Aspera Faspex 4.4.2 PL3 has addressed multiple vulnerabilities (CVE-2023-27871, CVE-2023-27873, CVE-2023-27874)
Summary This Security Bulletin addresses security vulnerabilities that have been remediated CVE-2023-27871, CVE-2023-27873 and mitigated CVE-2023-27874 in IBM Aspera Faspex 4.4.2 PL3. Vulnerability Details CVEID:CVE-2023-27874 DESCRIPTION: IBM Aspera is vulnerable to an XML external entity...
Information Disclosure
github.com/ibm-messaging/mq-container is vulnerable to Information Disclosure. The vulnerability allows a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace, resulting in the disclosure of sensitive information...
Design/Logic Flaw
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...
CVE-2023-28514 IBM MQ information disclosure
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...
CVE-2023-28514
CVE-2023-28514 affects IBM MQ versions 8.0, 9.0 and 9.1 where a local user could obtain sensitive credential information due to tracing logic that may expose detailed error messages in stack traces. The IBM bulletin (APAR IT43079) documents a vulnerability in tracing that stores sensitive data in...
CVE-2023-28514 IBM MQ information disclosure
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398...
IBM Aspera Faspex Information Disclosure Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An information disclosure vulnerability exists in IBM Aspera Faspex, which can be exploited by an attacker to obtain sensitive credential information using...
CVE-2023-27871
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...
Code injection
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...
CVE-2023-27873 IBM Aspera Faspex information disclosure
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654...
CVE-2023-27873 IBM Aspera Faspex information disclosure
IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654...
CVE-2023-27871 IBM Aspera Faspex information disclosure
IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613...
Ansible sets unsafe permissions for sources.list
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format...
CVE-2020-11555
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files...