
4561 matches found

Vulnrichment
added 2022/01/11 8:23 p.m. · 17 views

CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

7.8 CVSS · 7.2 AI score · 0.01059 EPSS
Exploits 0 · References 1
Huntr
added 2022/01/11 7:9 p.m. · 39 views

in log4js-node/log4js-node

BUG: any unprivileged user can see the log file, and sensitive information is disclosed. SUMMARY: log4js creates a log file to store the log. The log may contain sensitive information such as username, password, token, api-key, etc. So this log file should not be accessed by other users. But...

0.2 AI score
Exploits 0
Huntr
added 2022/01/11 12:25 p.m. · 19 views

Improper Privilege Management in delgan/loguru

BUG: an unprivileged user can see the log file, and sensitive information is disclosed. SUMMARY: loguru creates a log file to store the log. The log may contain sensitive information such as username, password, token, key, etc. So this log file should not be accessed by other users. But when...

4 CVSS · 0.4 AI score · 0.00758 EPSS
Exploits 1
Check Point Advisories
added 2022/01/11 12:0 a.m. · 5 views

Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-21916)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.2 CVSS · 8.6 AI score · 0.01031 EPSS
Exploits 0
CNNVD
added 2022/01/11 12:0 a.m. · 5 views

Microsoft Windows Common Log File System Driver Buffer Error Vulnerability

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System (CLFS) API, which provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. A buff...

7.8 CVSS · 7.6 AI score · 0.01059 EPSS
Exploits 0 · References 5
CNNVD
added 2022/01/11 12:0 a.m. · 4 views

Microsoft Windows Common Log File System Driver Buffer Error Vulnerability

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System (CLFS) API, which provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. A buff...

7.8 CVSS · 7.6 AI score · 0.01031 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/01/11 12:0 a.m. · 3 views

PT-2022-1500 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Windows Common Log File System Driver and involves insecure privilege management. It allows an attacker to elevate their privileges. Recommendations: At the...

7.8 CVSS · 9.3 AI score · 0.01059 EPSS
Exploits 0 · References 9
Positive Technologies
added 2022/01/11 12:0 a.m. · 3 views

PT-2022-1520 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to errors in privilege management in the Windows Common Log File System Driver, which can be exploited to elevate privileges. This allows ...

7.8 CVSS · 9.3 AI score · 0.01031 EPSS
Exploits 0 · References 10
Check Point Advisories
added 2022/01/11 12:0 a.m. · 6 views

Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2022-21897)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.2 CVSS · 8.2 AI score · 0.01059 EPSS
Exploits 0
Github Security Blog
added 2022/01/06 10:23 p.m. · 31 views

Insertion of Sensitive Information into Log File in Apache Geode

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

7.5 CVSS · 6.8 AI score · 0.02894 EPSS
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2022/01/06 8:41 p.m. · 30 views

Insertion of Sensitive Information into Log File in Apache NiFi Stateless

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext...

7.5 CVSS · 7.2 AI score · 0.03411 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/01/06 8:41 p.m. · 19 views

GHSA-G644-PR5V-VPPF Insertion of Sensitive Information into Log File in Apache NiFi Stateless

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext...

7.5 CVSS · 7.4 AI score · 0.03411 EPSS
Exploits 0 · References 4
Github Security Blog
added 2022/01/06 8:40 p.m. · 26 views

Insertion of Sensitive Information into Log File in Apache NiFi

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was...

7.5 CVSS · 7 AI score · 0.03407 EPSS
Exploits 0 · References 7 · Affected Software 2
OSV
added 2022/01/06 8:40 p.m. · 19 views

GHSA-7Q8G-GPFP-V8GX Insertion of Sensitive Information into Log File in Apache NiFi

In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was...

7.5 CVSS · 7.3 AI score · 0.03407 EPSS
Exploits 0 · References 6
Github Security Blog
added 2022/01/06 8:40 p.m. · 38 views

Apache NiFi Insertion of Sensitive Information into Log File

An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present...

5.3 CVSS · 4.9 AI score · 0.03959 EPSS
Exploits 0 · References 8 · Affected Software 1
NVD
added 2022/01/04 9:15 a.m. · 16 views

CVE-2021-34797

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

7.5 CVSS · 0.02894 EPSS
Exploits 0 · References 2
OSV
added 2022/01/04 9:15 a.m. · 15 views

CVE-2021-34797

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

7.5 CVSS · 6.2 AI score
Exploits 0 · References 2
Prion
added 2022/01/04 9:15 a.m. · 17 views

Design/Logic Flaw

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

5 CVSS · 7.2 AI score · 0.02894 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/01/04 8:55 a.m. · 78 views

CVE-2021-34797

CVE-2021-34797 affects Apache Geode up to 1.12.4 and 1.13.4, where log file redaction mishandles values starting with non-alphanumeric characters for passwords and security properties prefixed with “sysprop-”, “javax.net.ssl”, or “security-”. This could lead to sensitive information being written...

7.5 CVSS · 7.2 AI score · 0.02894 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/01/04 8:55 a.m. · 19 views

CVE-2021-34797 Apache Geode project log file redaction of sensitive information vulnerability

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This iss...

7.4 AI score · 0.02894 EPSS
Exploits 0 · References 2