GHSA-M833-87VF-576C ovirt-engine Logs Plaintext Passwords To File

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

Siemens SICAM T 访问控制错误漏洞

The SICAM P850 Multifunctional Measuring Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured electrica...

CVE-2022-29883

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication...

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

CVE-2022-28161

CVE-2022-28161 affects Brocade SANNav prior to 2.2.0. The vulnerability is an information exposure through log files (debug mode) that could allow an authenticated, local attacker to view sensitive data such as SSH passwords stored in filetansfer.log when debug is enabled. Exploitation requires v...

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

Chinese Hackers Caught Stealing Intellectual Property from Multinational Companies

An elusive and sophisticated cyberespionage campaign orchestrated by the China-backed Winnti group has managed to fly under the radar since at least 2019. Dubbed "Operation CuckooBees" by Israeli cybersecurity company Cybereason, the massive intellectual property theft operation enabled the threa...

BSA-2022-1840

Security Advisory ID : BSA-2022-1840 Component : debug mode Revision : 1.0 An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in...

CVE-2022-29810

A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover...

Information Disclosure

github.com/hashicorp/go-getter is vulnerable to information disclosure. The vulnerability exists in the RedactURL function of url.go, allowing an attacker to read or write SSH credentials through the log file...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

Remote code execution

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability...

IBM QRadar SIEM 日志信息泄露漏洞

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. An information...

WordPress plugin Easy Digital Downloads 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Easy Digital Downloads plugin is vulnerable to a cross-site scripting vulnerability that stems from...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to a lack of sanitization of exception messages. Remediation Upgrade Microsoft.Rest.ClientRuntime to version 2.3.24 or higher. References - Microsoft Security Advisory - Update Guide ...