
4561 matches found

OSV
added 2021/05/18 6:35 p.m. · 20 views

GHSA-GH32-PC56-4C96 Information Exposure in jaeger

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...

CVSS 5.5 · AI score 5.7 · EPSS 0.00427
Exploits 0 · References 5
GitHub Security Blog
added 2021/05/18 6:35 p.m. · 41 views

Information Exposure in jaeger

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...

CVSS 7.1 · AI score 5.6 · EPSS 0.00427
Exploits 0 · References 6 · Affected Software 1
OSV
added 2021/05/18 6:21 p.m. · 17 views

GHSA-25XJ-89G5-FM6H Information Disclosure in HashiCorp Vault

HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1.4.2, insert Sensitive Information into a Log File. The vulnerability is affecting github.com/hashicorp/vault/command Go package...

CVSS 7.5 · AI score 7.4 · EPSS 0.01233
Exploits 0 · References 6
GitHub Security Blog
added 2021/05/18 6:21 p.m. · 54 views

Information Disclosure in HashiCorp Vault

HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1.4.2, insert Sensitive Information into a Log File. The vulnerability is affecting github.com/hashicorp/vault/command Go package...

CVSS 7.5 · AI score 7.5 · EPSS 0.01233
Exploits 0 · References 6 · Affected Software 1
GitLab Advisory Database
added 2021/05/18 12:0 a.m. · 32 views

Insertion of Sensitive Information into Log File

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it...

CVSS 2.7 · AI score 0.4 · EPSS 0.00521
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/05/15 10:5 p.m. · 5 views

OPENSUSE-SU-2021:0735-1 Security update for nagios

This update for nagios fixes the following issues: - new nagios-exec-start-post script to fix boo1003362 - fix nagiosupgrade.sh writing to log file in user controlled directory boo1182398. The nagiosupgrade.sh script writes the logfile directly below /var/log/ nagios was updated to 4.4.6: Fixed M...

CVSS 6.1 · AI score 7 · EPSS 0.02857
Exploits 1 · References 8
Vulnrichment
added 2021/05/13 7:40 a.m. · 10 views

CVE-2021-20331 MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application

Specific versions of the MongoDB C Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser",...

CVSS 4.2 · AI score 4.9 · EPSS 0.00623
Exploits 0 · References 1
OSV
added 2021/05/12 3:2 p.m. · 6 views

OPENSUSE-SU-2021:0715-1 Security update for nagios

This update for nagios fixes the following issues: - new nagios-exec-start-post script to fix boo1003362 - fix nagiosupgrade.sh writing to log file in user controlled directory boo1182398. The nagiosupgrade.sh script writes the logfile directly below /var/log/ nagios was updated to 4.4.6: Fixed M...

CVSS 6.1 · AI score 7 · EPSS 0.02857
Exploits 1 · References 8
Kitploit
added 2021/05/07 12:30 p.m. · 49 views

CANalyse - A Vehicle Network Analysis And Attack Tool

CANalyse is a tool built to analyze the log files to find out unique datasets automatically and able to connect to simple user interfaces such as Telegram. Basically, while using this tool the attacker can provide a bot-ID and use the tool over the internet through telegram-bot. CANalyse is made ...

AI score 7.8
Exploits 0 · References 1
NVD
added 2021/05/06 5:15 p.m. · 16 views

CVE-2021-31918

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality...

CVSS 7.5 · EPSS 0.00998
Exploits 0 · References 1
Prion
added 2021/05/06 5:15 p.m. · 17 views

Design/Logic Flaw

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality...

CVSS 5 · AI score 7.4 · EPSS 0.00998
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2021/05/06 12:0 a.m. · 6 views

PT-2021-19593 · Red Hat · Tripleo-Ansible

Name of the Vulnerable Software and Affected Versions: tripleo-ansible version as shipped in Red Hat Openstack 16.1 Description: A flaw was found in the software, where the Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00998
Exploits 0 · References 2
RedhatCVE
added 2021/04/29 11:51 p.m. · 27 views

CVE-2021-31918

A flaw was found in tripleo-ansible. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality. Mitigation This vulnerability can be resolved by manually adjusting the file permissions. Run the following...

CVSS 7.5 · AI score 3.8 · EPSS 0.00998
Exploits 0 · References 3
OSV
added 2021/04/20 4:15 p.m. · 5 views

CVE-2021-1079

NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the...

CVSS 6.1 · AI score 6.4 · EPSS 0.0028
Exploits 0 · References 1
NVD
added 2021/04/20 4:15 a.m. · 15 views

CVE-2021-3037

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS...

CVSS 2.3 · EPSS 0.00253
Exploits 0 · References 1
Prion
added 2021/04/20 4:15 a.m. · 22 views

Design/Logic Flaw

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS...

CVSS 2.1 · AI score 3.7 · EPSS 0.00253
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/04/20 3:15 a.m. · 98 views

CVE-2021-3037

PAN-OS contains an information exposure where details for scheduled configuration exports (cleartext username, password, IP) are logged in system logs. Root cause: sensitive credentials are written to logs during export; impact is local access to credentials if logs are read. Exploitation details...

CVSS 2.3 · AI score 3.4 · EPSS 0.00253
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/04/20 3:15 a.m. · 108 views

CVE-2021-3036

The CVE-2021-3036 issue affects Palo Alto Networks PAN-OS where secrets are logged in cleartext in web server logs when the PAN-OS XML API is used with duplicate API parameters. Affected component: PAN-OS XML API request handling; root cause: logging of administrator credentials (username, passwo...

CVSS 4.4 · AI score 4.5 · EPSS 0.00248
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2021/04/20 12:0 a.m. · 5 views

NVIDIA GeForce Experience Security Vulnerability

Nvidia NVIDIA GeForce Experience is a suite of automatic graphics card update tools from Nvidia. The product is capable of automatically updating graphics card drivers and supports graphics card performance management and optimization, among other things. A security vulnerability exists in NVIDIA...

CVSS 6.1 · AI score 6.3 · EPSS 0.0028
Exploits 0 · References 2
ICS
added 2021/04/20 12:0 a.m. · 79 views

ICSA-21-110-02_Rockwell Automation Stratix Switches

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/ Low attack complexity Vendor: Rockwell Automation Equipment: Stratix Switches Vulnerabilities: Insufficiently Protected Credentials, Insufficient Verification of Data Authenticity, Use of Out-of-Range Pointer Offset, Insertion of...

CVSS 8.5 · AI score 7.8 · EPSS 0.02262
Exploits 0 · References 2