Vulmon
secret vulnerabilities and exploits
NA
CVE-2014-7994
Cisco-Meraki MS, MR, and MX devices with firmware prior to 2014-09-24 allow remote malicious users to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, ak...
Cisco Meraki Mr Firmware
Cisco Meraki Mr -
Cisco Meraki Mx Firmware
Cisco Meraki Mx -
Cisco Meraki Ms Firmware
Cisco Meraki Ms -
6.5
CVSSv3
CVE-2019-14854
OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operato...
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
8.1
CVSSv3
CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete p...
Openstack Barbican
Redhat Openstack Platform 16.1
Redhat Openstack Platform 13.0
Redhat Openstack Platform 16.2
6.5
CVSSv3
CVE-2019-10213
OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified...
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
2.7
CVSSv3
CVE-2021-40087
An issue exists in PrimeKey EJBCA prior to 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log (that can only be viewed by an administrator). Th...
Primekey Ejbca
NA
CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
Openstack Devstack -
5.9
CVSSv3
CVE-2016-10530
The airbrake module 0.3.8 and previous versions defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret ...
Airbrake Airbrake
7.5
CVSSv3
CVE-2023-29480
Ribose RNP prior to 0.16.3 sometimes lets secret keys remain unlocked after use.
Ribose Rnp
6.5
CVSSv3
CVE-2017-9327
Secret data of processes managed by CM is not secured by file permissions.
Cloudera Cloudera Manager 5.9.2
Cloudera Cloudera Manager 5.10.1
Cloudera Cloudera Manager 5.11.0
7.5
CVSSv3
CVE-2021-41077
The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file. In particular, the desired behavior (if .travis.yml has been created locally by ...
Travis-ci Travis Ci