GHSA-8VH8-VC28-M2HF Potential to access user credentials from the log files when debug logging enabled

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd

iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd mediaserverd has various media parsing responsibilities; its reachable from various sandboxes and is able to talk to interesting kernel drivers so is a valid target in an exploit chain. One of the services it vends is...

DEBIAN-CVE-2011-2924

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...

CVE-2011-2924

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...

CVE-2011-2924

foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileg...

CVE-2011-2924

CVE-2011-2924 affects the foomatic-rip filter (v4.0.12 and earlier). The flaw arises from insecure temporary file handling when rendering PostScript data in debug mode, enabling a local attacker to perform symlink attacks to overwrite arbitrary files accessible to the user running the foomatic-ri...

CVE-2011-2923

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...

Design/Logic Flaw

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...

CVE-2011-2923

foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...

Information Disclosure Vulnerability in Multiple Qualcomm Products (CNVD-2020-16065)

The Qualcomm SDA660 and others are a central processing unit CPU product of Qualcomm Incorporated USA. A security vulnerability exists in System Debug in several Qualcomm products, which stems from a lack of address range checking in the program. An attacker could exploit the vulnerability to...

DEBIAN-CVE-2013-7089

ClamAV before 0.97.7: dbgprinthex possible information leak...

yum security, bug fix, and enhancement update

createrepoc 0.11.0-3 - Backport patch to switch off timestamps on documentation in order to remove file conflicts RhBug:1738788 0.11.0-2 - Consistently produce valid URLs by prepending protocol. RhBug:1632121 - modifyrepoc: Prevent doubling of compression test.gz.gz RhBug:1639287 - Correct pkg...

CVE-2019-16206

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information...

Authentication flaw

The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information...

Red Hat Undertow Log Message Disclosure Vulnerability

Red Hat Undertow is a U.S. Red Hat Red Hat, a Java-based embedded Web server, is the default Web server Wildfly Java application server. A log information disclosure vulnerability exists in the DEBUG logging in Red Hat Undertow versions prior to 2.0.20. The vulnerability stems from the abnormal...

Schneider-electric Quantum Unspecified Vulnerability

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2 modules, uses hardcoded passwords for the 1 AUTCSE, 2 AUTCSE, 3 fdrusers, 4...

Amazon Linux AMI : docker (ALAS-2019-1316)

A command injection flaw was discovered in Docker during the docker build command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the git fetch/git checkout commands that are executed by Docker and to execute code with the...

Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

JSC Argument Object Reconstruction Type Confusion

JSC: Type confusion during bailout when reconstructing arguments objects The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10...

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects

The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std...