4568 matches found
CVE-2023-36900
CVE-2023-36900 affects the Windows Common Log File System (CLFS) driver, enabling Elevation of Privilege via an integer overflow/wraparound vulnerability. The connected exploit repository documents a PoC labeled as an exploit for an Integer Overflow or Wraparound in Microsoft CLFS, with a Denial-...
Nextcloud: user_ldap app logs user passwords in the log file on level debug
User passwords were logged in Nextcloud application logs when using LDAP authentication and debug log level settings...
Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
Microsoft Windows Common Log File System Driver Security Vulnerability
The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System (CLFS) API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. A...
PT-2023-4195 · Pro Face · Gp-Pro Ex
Name of the Vulnerable Software and Affected Versions: GP-Pro EX (affected versions not specified). Description: The issue is related to a memory buffer overflow, which could allow an attacker to impact the confidentiality, integrity, and availability of protected information. This occurs when an...
Information Disclosure
GitLab is vulnerable to Information Disclosure. The vulnerability exists due to the insertion of sensitive information into a log file, which allows an attacker with local file system access to obtain system root-level privileges...
PT-2023-28031 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions prior to 11.10. Description: A critical vulnerability has been found in Tongda OA, affecting the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the DELETE_STR argument leads to SQL injection. The...
CVE-2023-3997
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to vi...
Design/Logic Flaw
Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to vi...
Webmin Cross-Site Scripting Vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version 2.021, which stems from a Stored Cross-Site Scripting (XSS) vulnerability found in the configuration settings of the system logging...
DELL Wyse ThinOS Information Disclosure Vulnerability
DELL Wyse ThinOS is a lightweight operating system designed for thin client devices, focused on providing a secure and efficient virtual desktop access experience. An information disclosure vulnerability exists in DELL Wyse ThinOS, which can be exploited by an attacker to read sensitive informati...
CVE-2023-32478
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure...
Information disclosure
Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure...
CVE-2023-32478
Dell PowerStore (pre-3.5.0.1) is affected by a vulnerability where sensitive information can be inserted into log files. The issue stems from how logs may capture sensitive data, enabling a high-privilege or potentially compromised user to disclose information. Affected product/version scope: Del...
CVE-2023-32483
Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files...
PT-2023-23793 · Dell · Dell Wyse Thinos
Name of the Vulnerable Software and Affected Versions: Dell Wyse ThinOS versions prior to 2303 9.4.1141. Description: The issue allows an unauthenticated malicious user with local access to the device to read sensitive information written to the log files. Recommendations: For Dell Wyse ThinOS...
PT-2023-20434 · Ibm · Planning Analytics Cartridge For Cloud Pak For Data
Name of the Vulnerable Software and Affected Versions: Planning Analytics Cartridge for Cloud Pak for Data version 4.0. Description: The issue exposes sensitive information in logs, which could lead an attacker to exploit it and conduct further attacks. Recommendations: For Planning Analytics...
PT-2023-25843 · Unknown · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 6.13. Description: The issue allows an authenticated attacker to obtain sensitive information via the log files. Recommendations: For versions prior to 6.12.0.6, update to version 6.12.0.6 or later. For versio...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An information disclosure vulnerability exists in...
CVE-2023-35299
Windows Common Log File System Driver Elevation of Privilege Vulnerability...