38 matches found
EUVD-2026-21193
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords
A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...
EUVD-2025-37881
ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...
CentOS 6 : firefox (RHSA-2020:5257)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5257 advisory. - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted...
CentOS 6 : thunderbird (RHSA-2020:5238)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5238 advisory. - Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted...
AZL-36943 CVE-2023-33187 affecting package highlight 4.18-1
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...
CVE-2023-33187
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...
Input validation
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...
CVE-2023-33187 highlight vulnerable to cleartext transmission of sensitive information
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...
CVE-2023-33187 highlight vulnerable to cleartext transmission of sensitive information
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...
GHSA-9QPJ-QQ2R-5MCC html inputs of type password recorded in plaintext when converted to text inputs
Impact Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs. A customer may assume that switching to type="text"...
highlight.io security vulnerability
highlight.io is open source full stack monitoring platform. Error monitoring, session replay, logging and more. A security vulnerability exists in highlight.io versions prior to 6.0.0 that stems from unintentionally logging password values when using the Show Password button...
PT-2023-24204 · Highlight · Highlight
Name of the Vulnerable Software and Affected Versions: Highlight versions prior to 6.0.0 Description: Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This issue arises because the expected behavi...
SUSE CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
SUSE CVE-2020-26965
Some websites have a feature "Show Password" where clicking a button will change a password field into a text field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...
GNOME security, bug fix, and enhancement update
accountsservice 0.6.55-2 - Add support for user templates so user can specify default session Resolves: 1812788 gdm 40.0-14 - Fix XDMCP Resolves: 2004170 - Fix crash at shutdown Related: 2004170 40.0-13 - Disable Wayland on HyperV - Fix Xorg fallback Related: 1998989 40.0-12 - Redisable on server...
Oracle Linux 6 : thunderbird (ELSA-2020-5238)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5238 advisory. 78.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.5.0-1 - Update to 78.5.0 build3 Tenable has...
Oracle Linux 6 : firefox (ELSA-2020-5257)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5257 advisory. 78.5.0-1.0.1 - Fix LD_LIBRARY_PATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 78.5.0-1 - Update to 78.5.0 build1...
DEBIAN-CVE-2020-26965
Some websites have a feature "Show Password" where clicking a button will change a password field into a text field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...