4564 matches found
Protect
An insertion of sensitive information into log file vulnerability CWE-532 in FortiOS / FortiProxy log events may allow a remote authenticated attacker to read certain passwords in ciphertext...
Insertion Of Sensitive Information Into Log File
sigs.k8s.io/secrets-store-csi-driver is vulnerable to Insertion of Sensitive Information Into Log File. An attacker with access to the driver logs could observe service account tokens due to the NodePublishVolume function of nodeserver.go...
ABB Platform Engineering Tools Insertion of Sensitive Information into Log File (CVE-2022-0010)
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
OESA-2023-1322 wireshark security update
Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices,and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols.It has many powerful feature...
PT-2023-7355 · Splunk · Universal Forwarder +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.1.0.2 Splunk Enterprise versions prior to 9.0.5.1 Splunk Enterprise versions prior to 8.2.11.2 Universal Forwarder versions prior to 9.1.0.2 Universal Forwarder versions prior to 9.0.5.1 Universal Forward...
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center ISC, which detected a spike in HTTP requests for "/nifi" o...
CVE-2023-2878
A flaw was found in the Kubernetes Secrets Store CSI Driver that could allow a local authenticated attacker to obtain sensitive information, caused by the storage of sensitive information in the log file. By gaining access to the log file, an attacker could obtain service account tokens informati...
DEBIAN-CVE-2023-2857
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file...
CVE-2022-0010
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
CVE-2022-0010
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
CVE-2022-0010 QCS 800xA Vulnerability identified in system log files
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
CVE-2022-0010 QCS 800xA Vulnerability identified in system log files
Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...
CVE-2022-0010
Summary: CVE-2022-0010 affects ABB QCS 800xA, ABB QCS AC450, and ABB Platform Engineering Tools due to insertion of sensitive information into log files. An attacker with local access to QCS nodes could obtain a system user password and potentially take control of nodes. Affected versions: QCS 80...
PT-2023-9780 · Abb · Abb Platform Engineering Tools +2
Name of the Vulnerable Software and Affected Versions: ABB QCS 800xA versions 1.0;0 through 6.1SP2 ABB QCS AC450 versions 1.0;0 through 5.1SP2 ABB Platform Engineering Tools versions 1.0:0 through 2.3.0 Description: The issue is related to the insertion of sensitive information into log files in...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2004-1464 Cisco IOS Denial-of-Service Vulnerability CVE-2016-6415 Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability CVE-2023-21492 Samsung...
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization ASLR bypass...
SUSE-SU-2023:2164-1 Security update for cloud-init
This update for cloud-init contains following fixes: - CVE-2021-3429: Do not write the generated password to the log file. bsc1184758 - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. bsc1210277 Other fixes: - Change log file creation mode to 640. bsc1183939 - Write proper...
CVE-2023-22447
Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access...
CVE-2023-22447
Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access...