4563 matches found
CVE-2023-22447
Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access...
CVE-2023-21492
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR...
CVE-2023-21492
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-21492
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR...
CVE-2023-21492
CVE-2023-21492 is a Samsung Mobile devices vulnerability where kernel pointers are printed to the log file, enabling a privileged, local attacker to bypass ASLR. Affected software relates to Samsung Mobile devices with the SMR May-2023 Release 1 context. The root cause is the insertion of sensiti...
CVE-2023-21492
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR...
PT-2023-18246 · Samsung · Samsung Mobile Devices
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices affected versions not specified Description: The issue allows a privileged local attacker to bypass ASLR due to kernel pointers being printed in the log file prior to SMR May-2023 Release 1. This is related to the...
cloud-init security update
22.1-6.0.4.el87.2 - Fix log file permissions Orabug: 35302985 22.1-6.0.3.el87.2 - Fix CVE-2023-1786 Orabug: 35302985...
cloud-init security update
22.1-7.0.3.el91 - Fix log file permission Orabug: 35302969 22.1-7.0.2.el91 - Fix CVE-2023-1786 Orabug: 35302969...
Citrix Provisioning Services - PVS Server 2303 Fails To Register With Citrix Cloud
While running the configuration wizard to register your PVS Server against Citrix Cloud you are greeted by an unexpected console error. "Error Registering Server, Sequence contains no matching element" as shown below: The PVS configwizard.log file will show you this exception:...
CVE-2023-1624 WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including...
CVE-2023-1624 WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including...
PT-2023-22823 · Jellyfin · Jellyfin
Name of the Vulnerable Software and Affected Versions: Jellyfin versions 10.8.0 through 10.8.10 Description: The issue is related to a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. This vulnerability can be combined with a cross-site scripting...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
UBUNTU-CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
CVE-2021-3429
When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user...
Design/Logic Flaw
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10. The troubleshootinglogsdownload.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files...
ARRIS DG3450 访问控制错误漏洞
The ARRIS DG3450 is a cable gateway from ARRIS America. A security vulnerability exists in the ARRIS DG3450 Cable Gateway AR01.02.056.18041520711.NCS.10 version, which stems from the log file download feature not checking for session cookies.An attacker can exploit this vulnerability to download...