23 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in openvpn

Before version 2.6.11, OpenVPN did not properly sanitize PUSHREPLY messages. This vulnerability could be exploited by attackers who control the server, allowing them to inject unexpected arbitrary data into client logs...

9.1 CVSS, 7.3 AI score, 0.00519 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/04/20 1:20 p.m., 0 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.7 AI score, 0.00169 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/04/20 1:20 p.m., 23 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

0.00169 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/04/19 12:00 a.m., 1 view

PT-2026-33644

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3 CVSS, 5.6 AI score, 0.00169 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2026/03/12 12:00 a.m., 0 views

Apache ZooKeeper 3.8.x < 3.8.6 / 3.9.x < 3.9.5 Multiple Vulnerabilities

The version of Apache ZooKeeper listening on the remote host is 3.8.x prior to 3.8.6 or 3.9.x prior to 3.9.5. It is, therefore, affected by multiple vulnerabilities: - Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information stored in client...

7.5 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 0, References: 4

UbuntuCve
added 2026/03/07 9:16 a.m., 3 views

CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

7.5 CVSS, 6.7 AI score, 0.00022 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/07 8:51 a.m., 2 views

CVE-2026-24308

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential producti...

5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/03/07 12:00 a.m., 3 views

Apache Zookeeper security vulnerability

Apache Zookeeper is a software project of the Apache Foundation in the United States. It provides open-source distributed configuration services, synchronization services, and naming and registration functions for large-scale distributed computing systems. Versions 3.8.5 and 3.9.4 of Apache...

7.5 CVSS, 7.1 AI score, 0.00022 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/01/30 3:40 p.m., 4 views

CVE-2026-0936

An Insertion of Sensitive Information into Log File vulnerability in B PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disable...

5.1 CVSS, 5.9 AI score, 0.00022 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-23385

Malware in sbrugna...

6.1 CVSS, 6.1 AI score, 0.00047 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 6:39 p.m., 4 views

CVE-2021-36809

A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client...

6.1 CVSS, 6.9 AI score, 0.00047 EPSS
Exploits: 0, References: 1

Citrix
added 2025/04/14 12:00 a.m., 9 views

Device Posture Portal page error "CheckAgain" or "Download EPA client" | Status code 307

End users encounter issues at the Device Posture Portal when attempting to log into the Workspace URL. They are prompted to "Check Again" or "Download EPA client," despite already having the client installed on their device. Checking endpoint logs, we see the following error: The Windows client...

7.3 AI score
Exploits: 0

RedhatCVE
added 2025/04/02 10:55 p.m., 4 views

CVE-2024-5594

OpenVPN before 2.6.11 does not sanitize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...

9.1 CVSS, 7.2 AI score, 0.00519 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2025/01/08 12:27 a.m., 2 views

SUSE CVE-2024-5594

OpenVPN before 2.6.11 does not sanitize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...

5.4 CVSS, 7.1 AI score, 0.00519 EPSS
Exploits: 0, References: 8

OSV
added 2025/01/06 2:15 p.m., 1 view

DEBIAN-CVE-2024-5594

OpenVPN before 2.6.11 does not sanitize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...

9.1 CVSS, 8.2 AI score, 0.00519 EPSS
Exploits: 0, References: 1

Packet Storm
added 2024/08/31 12:00 a.m., 161 views

Xymon Daemon Gather Information

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon Daemon Gather Information', 'Description' = %q This module retrieves information from a Xymon daemon service formerly Hobbit, based on Big...

7.5 CVSS, 7 AI score, 0.67997 EPSS
Exploits: 3

CNNVD
added 2024/04/25 12:00 a.m., 1 view

Vyper security vulnerability

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper versions 0.3.10 and earlier, which stems from incorrect logging of topics in rawlog, and could lead to unexpected behavior in client applications that rely on these logs...

5.3 CVSS, 6.8 AI score, 0.00689 EPSS
Exploits: 0, References: 2

CNNVD
added 2023/01/13 12:00 a.m., 1 view

Eternal Terminal security vulnerability

Eternal Terminal is a remote shell by Jason Gauci Personal Developer. A security vulnerability exists in Eternal Terminal version 6.2.1, which stems from the existence of globally readable log files for its etserver and etclient...

5.3 CVSS, 5.7 AI score, 0.0023 EPSS
Exploits: 1, References: 4

Positive Technologies
added 2023/01/13 12:00 a.m., 1 view

PT-2023-15654 · Unknown · Eternal Terminal

Name of the Vulnerable Software and Affected Versions: Eternal Terminal version 6.2.1 Description: The issue concerns world-readable logfiles in etserver and etclient. Recommendations: For Eternal Terminal version 6.2.1, restrict access to the logfiles of etserver and etclient to prevent...

5.3 CVSS, 6.8 AI score, 0.0023 EPSS
Exploits: 2, References: 18

NVD
added 2022/03/08 12:15 a.m., 9 views

CVE-2021-36809

A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client...

6.1 CVSS, 0.00047 EPSS
Exploits: 0, References: 1