91 matches found

RedHat Linux
added 2021/10/14 8:21 p.m., 4 views

Ansible: ansible-connection module discloses sensitive info in traceback error message

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00384
Exploits: 0, References: 4

RedHat Linux
added 2021/10/14 7:43 p.m., 8 views

Ansible: ansible-connection module discloses sensitive info in traceback error message

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00384
Exploits: 0, References: 4

RedHat Linux
added 2021/10/14 7:42 p.m., 7 views

Ansible: ansible-connection module discloses sensitive info in traceback error message

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00384
Exploits: 0, References: 4

RedhatCVE
added 2021/06/25 8:26 a.m., 91 views

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...

CVSS: 5.5, AI score: 1.6, EPSS: 0.00384
Exploits: 0, References: 3

FreeBSD
added 2021/06/25 12:0 a.m., 35 views

Ansible -- Ansible user credentials disclosure in ansible-connection module

Red Hat reports: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...

CVSS: 5.5, AI score: 1.1, EPSS: 0.00384
Exploits: 0, References: 5

Tenable Nessus
added 2020/06/05 12:0 a.m., 32 views

Debian DLA-2233-2 : python-django regression update

It was discovered that there was a regression in the latest update to Django, the Python web development framework. The upstream fix for CVE-2020-13254 to address data leakages via malformed memcached keys could, in some situations, cause a traceback. Please see for more information. For Debian 8...

CVSS: 5.9, AI score: 6.8, EPSS: 0.06041
Exploits: 0, References: 4

Cisco
added 2019/08/07 4:0 p.m., 58 views

Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS-IS area to cause a denial of service (DoS) condition. The vulnerability is due to incorrect...

CVSS: 7.4, AI score: 7.5, EPSS: 0.00525
Exploits: 0, References: 1

Tenable Nessus
added 2019/04/19 12:0 a.m., 24 views

Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU...

CVSS: 7.8, AI score: 7.2, EPSS: 0.03893
Exploits: 0, References: 3

Github Security Blog
added 2018/07/13 3:16 p.m., 23 views

oslo.middleware Information Disclosure vulnerability

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 5.9, AI score: 4.9, EPSS: 0.00467
Exploits: 0, References: 14, Affected Software: 2

NVD
added 2018/05/08 5:29 p.m., 34 views

CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 5.9, AI score: 5.2, EPSS: 0.00467
Exploits: 0, References: 12

OSV
added 2018/05/08 5:29 p.m., 24 views

CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00467
Exploits: 0, References: 12

OSV
added 2018/05/08 5:29 p.m., 2 views

DEBIAN-CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00467
Exploits: 0, References: 1

OSV
added 2018/05/08 12:0 a.m., 2 views

UBUNTU-CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 5.9, AI score: 6.1, EPSS: 0.00467
Exploits: 0, References: 3

UbuntuCve
added 2018/05/08 12:0 a.m., 17 views

CVE-2017-2592

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 5.9, AI score: 6.2, EPSS: 0.00467
Exploits: 0, References: 2

Vulnrichment
added 2018/03/28 10:0 p.m., 10 views

CVE-2018-0177

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads ...

AI score: 7.3, EPSS: 0.03893
Exploits: 0, References: 3

NVD
added 2018/03/13 3:29 p.m., 17 views

CVE-2018-1000083

Ajenti version 2 contains an Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appears to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...

CVSS: 5.3, AI score: 5.3, EPSS: 0.01279
Exploits: 1, References: 1

Cvelist
added 2018/03/13 3:0 p.m., 22 views

CVE-2018-1000083

Ajenti version 2 contains an Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appears to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the...

AI score: 5.3, EPSS: 0.01279
Exploits: 1, References: 1

Prion
added 2017/09/29 1:34 a.m., 18 views

Race condition

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of servi...

CVSS: 7.8, AI score: 7.5, EPSS: 0.06938
Exploits: 0, References: 3, Affected Software: 2

ATTACKERKB
added 2017/09/29 12:0 a.m., 32 views

CVE-2017-12237

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of servi...

CVSS: 7.8, AI score: 2.4, EPSS: 0.06938
In wild, Exploits: 0, References: 4

Tenable Nessus
added 2017/09/07 12:0 a.m., 54 views

FreeBSD : Django -- possible XSS in traceback section of technical 500 debug page (aaab03be-932d-11e7-92d8-4b26fc968492)

Django blog : In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with DEBUG =...

CVSS: 6.1, AI score: 5.9, EPSS: 0.23566
Exploits: 0, References: 3