
4564 matches found

Vulnrichment
added 2023/06/26 9:58 p.m. | 13 views

CVE-2023-35695

A remote attacker could leverage a vulnerability in Trend Micro Mobile Security Enterprise 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product...

6.7 AI score | 0.0135 EPSS
Exploits: 1 | References: 2

Cvelist
added 2023/06/26 9:58 p.m. | 16 views

CVE-2023-35695

A remote attacker could leverage a vulnerability in Trend Micro Mobile Security Enterprise 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product...

7.7 AI score | 0.0135 EPSS
Exploits: 1 | References: 2

CVE
added 2023/06/26 9:58 p.m. | 65 views

CVE-2023-35695

CVE-2023-35695 affects Trend Micro Mobile Security (Enterprise) 9.8 SP5. A remote attacker could download a log file from the product, potentially exposing sensitive information about the software. The root cause details are not expressly provided in the linked documents, but the vulnerability is...

7.5 CVSS | 7.5 AI score | 0.0135 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/06/15 6:44 a.m. | 17 views

CVE-2022-4149 Local privilege escalation using log file

The Netskope client service prior to R96 on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory C:\Users\Public\netSkope for a standard user. The files are created and written with a SYSTEM account except one file logplaceholder which inherits permission giving all...

7 CVSS | 6.8 AI score | 0.00161 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2023/06/15 6:44 a.m. | 8 views

CVE-2022-4149 Local privilege escalation using log file

The Netskope client service prior to R96 on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory C:\Users\Public\netSkope for a standard user. The files are created and written with a SYSTEM account except one file logplaceholder which inherits permission giving all...

7 CVSS | 6.5 AI score | 0.00161 EPSS
Exploits: 0 | References: 1

CVE
added 2023/06/15 6:44 a.m. | 45 views

CVE-2022-4149

CVE-2022-4149 affects Netskope client service on Windows older than R96. The service runs as SYSTEM and writes logs to C:\Users\Public\netSkope; a race condition during restart allows a local unprivileged user to create a logplaceholder file and set permissive ACLs. Once created with proper ACLs,...

7 CVSS | 6.6 AI score | 0.00161 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

SUSE CVE
added 2023/06/15 12:54 a.m. | 2 views

SUSE CVE-2023-31437

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5.3 CVSS | 9.5 AI score | 0.00344 EPSS
Exploits: 0 | References: 3

OSV
added 2023/06/14 3:30 p.m. | 17 views

GHSA-WMXX-2PVR-X7J6 Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not correctly escape the file path and the project name for the Log file field form validation. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

8 CVSS | 5.4 AI score | 0.00656 EPSS
Exploits: 0 | References: 3

Prion
added 2023/06/14 1:15 p.m. | 21 views

Cross site scripting

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

4.9 CVSS | 5.2 AI score | 0.00656 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/06/14 12:53 p.m. | 35 views

CVE-2023-35145

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission...

5.8 AI score | 0.00656 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2023/06/14 12:0 a.m. | 3 views

PT-2023-25164 · Jenkins · Jenkins Sonargraph Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 5.0.1 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the file path and the project name for the Log file field form validation are...

5.4 CVSS | 5.9 AI score | 0.00656 EPSS
Exploits: 0 | References: 6

CNNVD
added 2023/06/14 12:0 a.m. | 4 views

Jenkins Plugin Sonargraph Integration Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

5.4 CVSS | 5.6 AI score | 0.00656 EPSS
Exploits: 0 | References: 3

NVD
added 2023/06/13 5:15 p.m. | 27 views

CVE-2023-31438

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5.3 CVSS | 5.3 AI score | 0.00328 EPSS
Exploits: 0 | References: 4

NVD
added 2023/06/13 5:15 p.m. | 19 views

CVE-2023-31437

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5.3 CVSS | 5.3 AI score | 0.00344 EPSS
Exploits: 0 | References: 3

NVD
added 2023/06/13 5:15 p.m. | 15 views

CVE-2023-31439

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security...

5.3 CVSS | 5.2 AI score | 0.00352 EPSS
Exploits: 0 | References: 4

OSV
added 2023/06/13 5:15 p.m. | 9 views

CVE-2023-31437

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5.3 CVSS | 5.2 AI score
Exploits: 0 | References: 3

OSV
added 2023/06/13 5:15 p.m. | 2 views

DEBIAN-CVE-2023-31439

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security...

5.3 CVSS | 5.7 AI score | 0.00352 EPSS
Exploits: 0 | References: 1

Prion
added 2023/06/13 5:15 p.m. | 23 views

Security feature bypass

DISPUTED: An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5 CVSS | 5.2 AI score | 0.00344 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2023/06/13 5:15 p.m. | 141 views

CVE-2023-31438

An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5.3 CVSS | 6.9 AI score | 0.00328 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2023/06/13 5:15 p.m. | 39 views

CVE-2023-31437

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."...

5.3 CVSS | 6.9 AI score | 0.00344 EPSS
Exploits: 0 | References: 4