4563 matches found
VulnCheck KEV: CVE-2023-28252
Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Windows Common Log File System Driver Security Vulnerability
The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. A...
CVE-2023-28252
Windows Common Log File System Driver Elevation of Privilege Vulnerability Recent assessments: ccondon-r7 at April 12, 2023 3:18pm UTC reported: This was discovered because of zero-day exploitation perpetrated by a skilled adversary — final payload was Nokoyawa ransomware in at least one case, as...
PT-2023-2305 · Microsoft · Windows Common Log File System Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to insufficient protection of internal data in the Windows Common Log File System CLFS driver, which can be exploited to gain unauthorized...
CVE-2023-0156
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user admin+ to view the contents of arbitrary files and list directories anywhere on the server to which the web server has access. The plugin only...
CVE-2022-48228
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362...
CVE-2022-48435
In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file...
CVE-2022-43772 Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs...
CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
Design/Logic Flaw
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
CVE-2023-1550 NGINX Agent vulnerability CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
CVE-2023-1550
CVE-2023-1550 (NGINX Agent) affects NGINX Agent versions 2.0 through 2.23.2. The issue arises from inserting sensitive information into log files, exposed when non-default trace level logging is enabled. An authenticated attacker with local access to read agent log files may gain access to privat...
CVE-2023-28892
Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleanerDebug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link...
CVE-2023-1683
A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/systemlog.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to t...
PT-2023-2180 · Nginx · Nginx Agent
Name of the Vulnerable Software and Affected Versions: NGINX Agent versions 2.0 through 2.23.2 Description: The issue is related to insufficient protection of registration data, which may allow an attacker to gain access to private keys. This can occur when an authenticated attacker with local...
CVE-2023-28443 directus vulnerable to Insertion of Sensitive Information into Log File
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3...