CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3620 – Ansible: ansible-connection module discloses sensitive info in traceback error message
https://notcve.org/view.php?id=CVE-2021-3620
15 Oct 2021 — A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el módulo ansible-connection de Ansible Engine, en el que información confidencial, como las credenciales de usuario de Ansible, es revelado por defecto en el mensaje de error de rastreo. La mayor amenaza de esta vulnerabilidad es l... • https://bugzilla.redhat.com/show_bug.cgi?id=1975767 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 110EXPL: 0CVE-2019-10086 – apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
https://notcve.org/view.php?id=CVE-2019-10086
20 Aug 2019 — In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. En Apache Commons Beanutils 1.9.2, se agregó una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a través de la propiedad de clase disponible en todo... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5709 – Solarwinds Virtualization Manager 6.3.1 Weak Crypto
https://notcve.org/view.php?id=CVE-2016-5709
17 Jun 2016 — SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. SolarWinds Virtualization Manager 6.3.1 y versiones anteriores, utiliza un cifrado débil para almacenar contraseñas en /etc/shadow, lo que permite a usuarios locales con privilegios de superusuario obtener contraseñas de usuarios a través de un ataque de fuerza bruta. Solarwinds Virtualization Manager... • http://packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 23%CPEs: 1EXPL: 2CVE-2016-3642 – Solarwinds Virtualization Manager 6.3.1 Java Deserialization
https://notcve.org/view.php?id=CVE-2016-3642
15 Jun 2016 — The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. El servicio RMI en SolarWinds Virtualization Manager 6.3.1 y versiones anteriores permite a atacantes ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con la librería Apache Commons Collections (ACC). Solarwinds Virtualization Manager versions 6.3.... • https://packetstorm.news/files/id/137486 •
CVSS: 7.8EPSS: 7%CPEs: 1EXPL: 3CVE-2016-3643 – SolarWinds Virtualization Manager Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3643
15 Jun 2016 — SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." SolarWinds Virtualization Manager 6.3.1 y versiones anteriores permite a usuarios locales obtener privilegios aprovechando una mala configuración de sudo, según lo demostrado por "sudo cat /etc/passwd". Solarwinds Virtualization Manager versions 6.3.1 and below suffer from a privilege escalation vulnerability due to a misconfiguration o... • https://packetstorm.news/files/id/137487 • CWE-264: Permissions, Privileges, and Access Controls •