Default credentials
The OpenVPN Access Server installer creates a log file readable by everyone, which from version 2.10.0 and before 2.11.0 may contain a randomly generated admin password...
CVE-2022-33737
Summary: CVE-2022-33737 affects OpenVPN Access Server installers. The issue arises because the installer creates a log file that is readable by everyone, and in OpenVPN Access Server versions 2.10.0 through 2.10.x (up to but not including 2.11.0) this log may contain a randomly generated administ...
OpenVPN log information disclosure vulnerability
OpenVPN is a software package from US-based OpenVPN Inc. for creating encrypted tunnels for virtual private networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
GO-2022-0438 Exposure of sensitive information via log file in github.com/hashicorp/go-getter
The getter package can write SSH credentials to its logfile, exposing credentials to local users able to read the logfile...
PT-2022-6220 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.0.0 through 9.1.0.19; Dell PowerScale OneFS version 9.2.1.12; Dell PowerScale OneFS version 9.3.0.6. Description: The issue is related to the disclosure of sensitive information through log files in the PowerScal...
CVE-2022-1843
The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged-in admin change the settings, purge log files and more via CSRF attacks...
The vulnerability of the SCP-server software for managing the SAN Brocade SANnav network allows an intruder to gain access to log files.
The vulnerability of the SCP-server software for managing the SAN Brocade SANnav network is related to the storage of protected information in unencrypted form. Exploiting this vulnerability could allow an attacker to gain access to log files...
Apache Sling security vulnerability
Apache Sling is an open source Web framework for the Java platform from the Apache Foundation, designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit. A log injection vulnerability exists in Apache Sling Commons Log version 5.4.0 and...
The vulnerability of the Windows Common Log File System (CLFS) driver in the Microsoft Windows operating system allows a hacker to gain elevated privileges.
The vulnerability of the Windows Common Log File System (CLFS) driver in the Microsoft Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to escalate their privileges...
Insertion of Sensitive Information into Log File in typo3/cms-core
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C (4.9). Problem: It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. Solution: Update to TYPO...
GHSA-FH99-4PGR-8J99 Insertion of Sensitive Information into Log File in typo3/cms-core
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C (4.9). Problem: It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. Solution: Update to TYPO...
CVE-2022-31047 Insertion of Sensitive Information into Log File in typo3/cms-core
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace...
CVE-2022-32254
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...
Siemens SINEMA Remote Connect Server log information disclosure vulnerability
SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunneled connections (VPN) between headquarters, service technicians and installed machines or plants. An information disclosure vulnerability exists in Siemens SINEMA Remote Connect Server, which stems from ...
VulnCheck KEV: CVE-2021-43226
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms...
VulnCheck KEV: CVE-2021-43207
Windows Common Log File System Driver Elevation of Privilege Vulnerability...
[SECURITY] Fedora 35 Update: logrotate-3.18.1-4.fc35
The logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation, compression, removal and mailing of log files. Logrotate can be set to handle a log file daily, weekly, monthly or when the log...