4568 matches found
CVE-2023-36424
CVE-2023-36424 is documented as a Windows kernel-level out-of-bounds read vulnerability in the Common Log File System Driver (clfs.sys) that enables privilege escalation. Connected sources describe a pool overflow/record-validation flaw in clfs.sys (Windows Kernel pool management) exploited via c...
CVE-2023-36424 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Liquidweb Restrict_Content
CVE-2023-47668 Restrict Content = 3.2.7 - Information Expo...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
PT-2023-23699 · Intel · Intel On Demand
Name of the Vulnerable Software and Affected Versions: IntelR On Demand software versions prior to 1.16.2 IntelR On Demand software versions prior to 2.1.1 IntelR On Demand software versions prior to 3.1.0 Description: The issue involves the insertion of sensitive information into a log file in...
Microsoft Windows Common Log File System Driver Security Vulnerability
The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. access. A...
Intel® On Demand Agent Software Advisory
Summary: A potential security vulnerability in some Intel® On Demand agent software may allow information disclosure . Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-32283 Description: Insertion of sensitive information into lo...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Themeisle Cloud_Templates_\&_Patterns_Collection
CVE-2023-47529 Cloud Templates & Patterns collection =...
Insertion Of Sensitive Information Into Log File
github.com/juanfont/headscale is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is due the HTTP api writting the whole bearer token to info-level logs...
cloud-init security, bug fix, and enhancement update
23.1.1-11.0.2 - Fix Oracle Datasource network and getdata methods for OCI OL Orabug: 35950168 23.1.1-11.0.1 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permission Orabug: 35302969 - Update detection logic for OL distros in config template Orabug: 34845400 - Adde...
Rocky Linux 8 : kexec-tools (RLSA-2021:4404)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4404 advisory. - A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal...
CVE-2023-20155
A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...
Cisco Firepower Management Center Software Log API Denial of Service Vulnerability
A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...
CVE-2023-46235 FOG stored XSS on log screen via unsanitized request logging
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the log...
GHSA-666G-RFC5-C9JV Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215
CVE-2023-46215 affects Apache Airflow and its Celery provider. The issue is that sensitive information is logged in clear text when using rediss, amqp, or rpc protocols as the Celery result backend. Affected versions: Airflow Celery provider 3.3.0–3.4.0 and Apache Airflow 1.10.0–2.6.3. Impact is ...