Design/Logic Flaw
The API endpoints /api/snapshot and /api/getlogfile allow unauthenticated access. This could allow a DoS attack or retrieval of arbitrary files from the FE node. Please upgrade to 2.0.3 to fix these issues...
Apache Doris Security Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S.-based Apache Foundation. It can provide sub-second queries and efficient real-time data analysis. Apache Doris suffers from an authorization issue vulnerability that stems from the API endpoints /api/snapshot and /api/getlogfile allowing...
PT-2023-27900 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.0.3. Description: The issue allows unauthenticated access through the API endpoints "/api/snapshot" and "/api/getlogfile". This could potentially lead to a DoS attack or allow an attacker to retrieve arbitrary...
CVE-2023-6894
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...
Design/Logic Flaw
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...
CVE-2023-6894 Hikvision Intercom Broadcasting System Log File system.html information disclosure
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has...
PT-2023-32804 · Hikvision · Hikvision Intercom Broadcasting System
Name of the Vulnerable Software and Affected Versions: Hikvision Intercom Broadcasting System version 3.0.3 20201113 RELEASEHIK Description: A vulnerability was found in the Log File Handler component, affecting an unknown part of the file access/html/system.html. The manipulation leads to...
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2023:4737-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4737-1 advisory. - An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server...
SUSE SLES15 Security Update : SUSE Manager Proxy and Retail Branch Server 4.3 (SUSE-SU-2023:4758-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4758-1 advisory. - An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server...
CVE-2023-46671 Kibana Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
Elastic Beats inserts sensitive information into log file
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by information disclosure vulnerability (CVE-2019-6157)
Summary: IBM Integrated Management Module II (IMM2) has addressed the following information disclosure vulnerability. Vulnerability Details: CVEID: CVE-2019-6157. DESCRIPTION: Lenovo System x could allow a local attacker to obtain sensitive information, caused by an issue with including private key...
Code injection
In SENEC Storage Box V1, V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data...
BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal
Description: The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
Restrict Content < 3.2.8 - Information Exposure via legacy log file
Description: The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.7 via the legacy log file. This makes it possible for unauthenticated attackers to extract sensitive data including debug information...
CVE-2023-48305
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in...
CVE-2023-48305 Nextcloud Server user_ldap app logs user passwords in the log file on level debug
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged user passwords in...
CVE-2023-48305
CVE-2023-48305: Nextcloud Server and Nextcloud Enterprise Server logged user passwords in plaintext to log files when loglevel was set to debug in affected releases. Affected versions: Nextcloud Server/Enterprise Server up to 25.0.10.x, 25.0.12.x, 26.0.5.x, and 27.0.x (prior to patches). Root cau...