CVE-2022-39046
An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...
Heap overflow
An issue was discovered in the GNU C Library glibc 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap...
PT-2022-10086 · Ericsson · Ericsson Network Manager
Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager versions prior to 21.2
Description: The issue allows users belonging to the same AMOS authorization group to retrieve data from certain log files, potentially leading to privilege escalation. All AMOS users are...
CVE-2022-29550
CVE-2022-29550 affects Qualys Cloud Agent 4.8.0-49 and concerns logging of ps auxwwe output to /var/log/qualys/qualys-cloud-agent-scan.log. The issue could expose credentials from environment variables in the log if verbose tracing is enabled; the vendor notes the ps data collection is intentiona...
PT-2022-19693 · Qualys · Qualys Cloud Agent
Name of the Vulnerable Software and Affected Versions: Qualys Cloud Agent version 4.8.0-49
Description: An issue was discovered in Qualys Cloud Agent where it writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may unexpectedly write credentials from environmen...
[APPFW] "File too large" is raised when upgrading appfw default signature "*Default Signatures"
The error "File too large" is raised when upgrading default signatures to version 89V89 on the GUI. A log sample can be seen in ns.log: Jul 25 09:09:18 12 httpd: 49801 Netscalerip 127.0.0.1 - User nsroot - Remoteip 127.0.0.1 - Method POST - Command "params": "warning": "YES" "systemfile": "filename":...
OESA-2022-1825 kexec-tools security update
kexec-tools provides /sbin/kexec binary that facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. This package contains the /sbin/kexec binary and ancillary utilities that together form the userspace component of the kernel's kexec feature...
CVE-2022-2806
A flaw was found in the ovirt-log-collector, which led to the logging of plaintext passwords in the log file. This flaw allows an attacker with sufficient privileges to read the log file, leading to a loss of confidentiality...
CVE-2022-2805
A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss...
CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...
Password disclosure in log file when providing incorrect additional data on initial setup of Mail App
None...
CVE-2022-34369
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data...
A vulnerability in the Common Log File System Driver for Windows operating systems that allows attackers to escalate their privileges.
The vulnerability in the Common Log File System Driver for Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
Transposh WordPress Translation 1.0.8.1 Remote Code Execution Vulnerability
ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Reliance on File Name or Extension of Externally-Supplied File CWE-646
Date found: 2022-02-21
Date published:...
WordPress plugin Transposh WordPress Translation code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Transposh WordPress...
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Transposh WordPress Translation
Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/
Type: Reliance on File Name or Extension of Externally-Supplied File...
CVE-2022-32556
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes...
CVE-2022-32556
CVE-2022-32556 affects Couchbase Server before 7.0.4. During certain crashes, a private key is leaked to log files, exposing sensitive material and potentially impacting confidentiality. CVSSv3.1 base score is 7.5 (HIGH). The provided materials identify affected product/version and the root cause...