4577 matches found

Vulnrichment
added 2023/10/31 2:25 p.m. · 13 views

CVE-2023-46235 FOG stored XSS on log screen via unsanitized request logging

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the log...

CVSS 5.4 · AI score 5.7 · EPSS 0.00311
Exploits: 0 · References: 2
Github Security Blog
added 2023/10/28 9:30 a.m. · 31 views

Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs not...

CVSS 7.5 · AI score 7.3 · EPSS 0.01203
Exploits: 0 · References: 5 · Affected Software: 2
OSV
added 2023/10/28 9:30 a.m. · 26 views

GHSA-666G-RFC5-C9JV Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs not...

CVSS 7.5 · AI score 7.3 · EPSS 0.01203
Exploits: 0 · References: 5
NVD
added 2023/10/28 8:15 a.m. · 16 views

CVE-2023-46215

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs not...

CVSS 7.5 · AI score 7.3 · EPSS 0.01203
Exploits: 0 · References: 3
Prion
added 2023/10/28 8:15 a.m. · 19 views

Design/Logic Flaw

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs not...

CVSS 5 · AI score 7.4 · EPSS 0.01203
Exploits: 0 · References: 3 · Affected Software: 2
Cvelist
added 2023/10/28 7:10 a.m. · 25 views

CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs not...

AI score 7.5 · EPSS 0.01203
Exploits: 0 · References: 3
Vulnrichment
added 2023/10/28 7:10 a.m. · 16 views

CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs not...

AI score 7.3 · EPSS 0.01203
Exploits: 0 · References: 3
CVE
added 2023/10/28 7:10 a.m. · 112 views

CVE-2023-46215

CVE-2023-46215 affects Apache Airflow and its Celery provider. The issue is that sensitive information is logged in clear text when using rediss, amqp, or rpc protocols as the Celery result backend. Affected versions: Airflow Celery provider 3.3.0–3.4.0 and Apache Airflow 1.10.0–2.6.3. Impact is ...

CVSS 7.5 · AI score 7.3 · EPSS 0.01203
Exploits: 0 · References: 3 · Affected Software: 2
Cvelist
added 2023/10/26 12:59 a.m. · 30 views

CVE-2023-46667 Fleet Server Insertion of Sensitive Information into Log File

An issue was discovered in Fleet Server = v8.10.0 and v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...

CVSS 8.1 · AI score 8.2 · EPSS 0.00473
Exploits: 0 · References: 2
Vulnrichment
added 2023/10/26 12:59 a.m. · 19 views

CVE-2023-46667 Fleet Server Insertion of Sensitive Information into Log File

An issue was discovered in Fleet Server = v8.10.0 and v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...

CVSS 8.1 · AI score 6.9 · EPSS 0.00473
Exploits: 0 · References: 2
Vulnrichment
added 2023/10/25 11:59 p.m. · 19 views

CVE-2023-46668 Elastic Endpoint Insertion of Sensitive Information into Log File

If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...

CVSS 4.6 · AI score 6.8 · EPSS 0.00348
Exploits: 0 · References: 2
OSV
added 2023/10/25 6:17 p.m. · 5 views

CVE-2023-27256

Missing authentication in the GetLogFiles method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers...

CVSS 5.3 · AI score 5.8 · EPSS 0.00559
Exploits: 0 · References: 1
Positive Technologies
added 2023/10/25 12:00 a.m. · 21 views

PT-2023-30151 · Elastic · Fleet Server

Name of the Vulnerable Software and Affected Versions: Fleet Server versions 8.10.0 through 8.10.2. Description: An issue was discovered where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into...

CVSS 8.1 · AI score 8 · EPSS 0.00473
Exploits: 0 · References: 6
Veracode
added 2023/10/23 4:10 a.m. · 17 views

Credential Disclosure Through Logs

github.com/ydb-platform/ydb-go-sdk is vulnerable to Information Disclosure. The vulnerability is due to a custom implementation of the credentials interface. During logging, the credentials are directly serialized into the error message. If an application defines a custom credential interface, an...

CVSS 5.5 · AI score 6.7 · EPSS 0.00219
Exploits: 0 · References: 6 · Affected Software: 1
Prion
added 2023/10/20 10:15 a.m. · 28 views

Code injection

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

CVSS 4 · AI score 6.3 · EPSS 0.01212
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2023/10/17 7:15 a.m. · 4 views

CVE-2023-4089

On affected Wago products a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected...

CVSS 2.7 · AI score 5.8 · EPSS 0.0047
Exploits: 0 · References: 1
NVD
added 2023/10/17 7:15 a.m. · 27 views

CVE-2023-4089

On affected Wago products a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected...

CVSS 2.7 · AI score 3.6 · EPSS 0.0047
Exploits: 0 · References: 1
Cvelist
added 2023/10/17 6:00 a.m. · 38 views

CVE-2023-4089 WAGO: Multiple products vulnerable to local file inclusion

On affected Wago products a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected...

CVSS 2.7 · AI score 4 · EPSS 0.0047
Exploits: 0 · References: 1
CVE
added 2023/10/16 9:11 p.m. · 73 views

CVE-2023-44388

Discourse (open source forum software) is affected by CVE-2023-44388: a malicious request can cause production log files to rapidly fill, leading to disk-space exhaustion. Affected versions: 3.1.1 (stable) and 3.2.0.beta2. The workaround mentioned is reducing the nginx client_max_body_size direct...

CVSS 7.5 · AI score 7.4 · EPSS 0.00531
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2023/10/16 7:39 p.m. · 74 views

CVE-2023-5003

Summary: CVE-2023-5003 affects the Active Directory Integration / LDAP Integration WordPress plugin (pre-4.1.10). The core of the issue is that sensitive LDAP logs are stored in a buffer file created when an administrator exports logs; the buffer file is not removed and can be accessed by anyone who knows the ...

CVSS 7.5 · AI score 7.5 · EPSS 0.25855
Exploits: 2 · References: 1 · Affected Software: 1