72 matches found
CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...
PT-2026-4748
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...
EUVD-2024-3408
Malicious code in bioql PyPI...
linux-smart-enumeration
First, a couple of useful oneliners ; console wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh console curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700...
CVE-2022-29177
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that...
event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in EDA
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in EDA
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
CVE-2025-2877 Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
CVE-2025-2877
Summary: CVE-2025-2877 concerns Red Hat Ansible Automation Platform’s Event-Driven Ansible where, in configurations with verbosity set to debug, inventory passwords are exposed in plain text during rulebook activations and related Event Streams. Affected scope (from connected docs): Red Hat Ansib...
CVE-2025-2877 Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check cfglogverbose before calling lpfcdmpdbg, which causes the system to hang...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: The WARN function has been replaced with devwarnratelimited in rcarpciewakeup. It is sufficient to warn the user that there has been a link problem. Either the link has failed and the system requires maintenance, or th...
CVE-2024-20440
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...
Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware
CVE-2023-20198 Exploit PoC for CVE-2023-20198 Description...
CVE-2024-43876
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN to devwarnratelimited in rcarpciewakeup Avoid large backtrace, it is sufficient to warn the user that there has been a link problem. Either the link has failed and the system is in need of maintenance, or t...
CVE-2024-43876
In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN to devwarnratelimited in rcarpciewakeup Avoid large backtrace, it is sufficient to warn the user that there has been a link problem. Either the link has failed and the system is in need of maintenance, or t...
azure-file-csi-driver discloses service account tokens in logs
CVSS Rating: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N - MEDIUM 6.5 A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to...
PT-2024-21320 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.25 Liferay DXP 7.4 before update 26 Liferay DXP 7.3 before update 5 Liferay DXP 7.2 before fix pack 19 Description: The default value of the portal property http.header.version.verbosity is set to...
SUSE CVE-2020-8563
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...