77 matches found
CVE-2024-28236 Insecure Variable Substitution in Vela
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
CVE-2024-28236 Insecure Variable Substitution in Vela
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
GLSA-202312-05 : libssh: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202312-05 libssh: Multiple Vulnerabilities - A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and t...
Input validation
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
FreeBSD : libssh -- possible heap-buffer overflow vulnerability (57b1ee25-1a7c-11ec-9376-0800272221cc)
libssh security advisories : The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...
CVE-2021-3634
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...
CVE-2021-3634
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...
CVE-2021-3634
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept...
CVE-2021-3634
A flaw has been found in libssh. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secrethash and the other sessionid. Initially, both of them are the same, but after key re-exchange, previous sessionid is kept and used as an input to new...
CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...
CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...
Design/Logic Flaw
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...
CVE-2021-0220 Junos Space: Shared secrets stored in recoverable format and directly exposed through the UI
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser for example via XSS or access cached contents may be able to obtain a copy of...
CVE-2021-0220
CVE-2021-0220 (Juniper Junos Space) affects Junos Space versions prior to 20.3R1. The issue is that shared secrets are stored in a recoverable format and can be exposed through the UI. An attacker who can run arbitrary code in the victim’s browser (e.g., via XSS) or access cached contents may obt...
Ubuntu: Security Advisory (USN-4521-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4521-1: pam_tacplus vulnerability
It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information...
USN-4521-1 libpam-tacplus vulnerability
It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : pam_tacplus vulnerability (USN-4521-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4521-1 advisory. It was discovered that pamtacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could...
Debian DLA-2239-1 : libpam-tacplus security update
It was discovered that there was an issue in libpam-tacplus a security module for using the TACACS+ authentication service where shared secrets such as private server keys were being added in the clear to various logs. For Debian 8 'Jessie', this issue has been fixed in libpam-tacplus version...
CVE-2020-11658
CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization...