72 matches found
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
ansible: sub parameters marked as no_log are not masked in certain failure scenarios
A flaw was found in ansible. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processed. As a result, data in the sub parameter fields will not be...
PYSEC-2019-171
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
PYSEC-2019-171
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
CVE-2019-14858
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argumentspec with sub parameters marked as nolog, passing an invalid parameter name to the module will cause the task to fail before the nolog options in the sub parameters are processe...
PT-2019-13857
Name of the Vulnerable Software and Affected Versions Ansible engine versions 2.x up to 2.8 Ansible tower versions 3.x up to 3.5 Description A vulnerability was found in Ansible engine and Ansible tower. When a module has an argument spec with sub parameters marked as no log, passing an invalid...
DEBIAN-CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
Design/Logic Flaw
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
CVE-2019-11250 Kubernetes client-go logs authorization headers at debug verbosity levels
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
CVE-2019-11250
CVE-2019-11250 concerns the Kubernetes client-go library which logs request headers when verbosity is 7 or higher. The practical effect is potential exposure of credentials to unauthorized users via logs or command output. Affected are Kubernetes components that use basic or bearer token authenti...
Credentials Management
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver which make use of basic or bearer token authentication, and run at high verbosity...
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components such as kube-apiserver prior to v1.16.0, which make use of basic or bearer token authentication, and run ...
Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
First, a couple of useful oneliners ; wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh linux-smart-enumeration Linux enumeration tools for...
LaZagne v2.2 - Credentials Recovery Project
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques plaintext, APIs, custom algorithms, databases, etc.. This tool has been developed for the purpose of finding these passwor...
DHCP Exhaustion Script: DHCPig
DHCP Exhaustion Script DHCPig initiates an advanced DHCP exhaustion attack. It will consume all IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all windows hosts offline. It requires scapy =2.1 library and admin...
Open Source SIP Sniffer: pcapsipdump
Open Source SIP Sniffer pcapsipdump is libpcap-based SIP sniffer with per-call sorting capabilities. It writes SIP/RTP sessions to disk in a same format, as “tcpdump -w”, but one file per SIP session even if there is thousands of concurrent SIP sessions. Each session goes in a separate, fancy-nam...
java-1.8.0-openjdk security update
1:1.8.0.71-1.b15 - Add patch to turn off strict overflow on IndicRearrangementProcessor,2.cpp - Resolves: rhbz1295751 1:1.8.0.71-0.b15 - January 2016 security update to u71b15. - Improve verbosity and helpfulness of tarball generation script. - Update patch documentation using version originally...