GHSA-895M-WW55-59VW Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications...

Shopify: Session works after logout from Shopify account and password of online store is displayed

When a user creates a Shopify Lite Plan account, in the product creation stage when the account has not been upgraded, the store's password is enabled such that any visitor who wants to access the store is required to enter password before being granted access to view the products listed in the...

VulnCheck KEV: CVE-2017-15718

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...

CVE-2016-6310

oVirt Engine discloses the ENGINEHTTPSPKITRUSTSTOREPASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0...

Cross site scripting

Oracle, GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface...

CVE-2017-1000030

Removed by vendor...

DEBIAN-CVE-2014-1948

OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...