
4561 matches found

RedhatCVE
added 2021/03/21 12:07 a.m. | 49 views

CVE-2019-14885

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...

5.4 CVSS | 2.7 AI score | 0.00742 EPSS
Exploits: 0 | References: 3

Amazon
added 2021/03/20 12:00 a.m. | 44 views

Medium: cloud-init

Issue Overview: A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the...

5.5 CVSS | 5.8 AI score | 0.00438 EPSS
Exploits: 0

Amazon
added 2021/03/20 12:00 a.m. | 34 views

Medium: cloud-init

Issue Overview: A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. CVE-2021-3429 Affected Packages:...

5.5 CVSS | 5.6 AI score | 0.00219 EPSS
Exploits: 0

Packet Storm
added 2021/03/19 12:00 a.m. | 561 views

VMware View Planner 4.6 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware View Planner Unauthenticated Log File Upload RCE', 'Description' = %q This module exploits an unauthenticated log file upload within the...

7.5 CVSS | 0.6 AI score | 0.98947 EPSS
Exploits: 9

Metasploit
added 2021/03/18 5:41 p.m. | 29 views

VMware View Planner Unauthenticated Log File Upload RCE

This module exploits an unauthenticated log file upload within the loguploadwsgi.py file of VMWare View Planner 4.6 prior to 4.6 Security Patch 1. Successful exploitation will result in RCE as the apache user inside the appacheServer Docker container. Module Options msf use...

9.8 CVSS | 9.4 AI score | 0.98947 EPSS
Exploits: 9

CNVD
added 2021/03/17 12:00 a.m. | 6 views

IBM Spectrum Scale Access Control Error Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

5.5 CVSS | 6.5 AI score | 0.00279 EPSS
Exploits: 0 | References: 1

OSV
added 2021/03/16 2:15 p.m. | 2 views

CVE-2020-4851

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450...

5.5 CVSS | 5.8 AI score | 0.00279 EPSS
Exploits: 0 | References: 2

CVE
added 2021/03/16 1:55 p.m. | 44 views

CVE-2020-4851

CVE-2020-4851 affects IBM Spectrum Scale 5.0.0–5.0.5.5 and 5.1.0–5.1.0.2. A local attacker can tamper with log files due to an access control error, potentially impacting support and development. Remediation: upgrade to IBM Spectrum Scale 5.0.5.5 (HDFS Transparency 3.1.0-7) or later for the 5.0 b...

5.5 CVSS | 5.2 AI score | 0.00279 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/03/16 1:55 p.m. | 16 views

CVE-2020-4851

IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450...

4 CVSS | 5.3 AI score | 0.00279 EPSS
Exploits: 0 | References: 2

Ubuntu
added 2021/03/15 10:29 p.m. | 32 views

USN-4845-1: libcgroup vulnerability

It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use this issue to obtain sensitive information...

8.1 CVSS | 6.5 AI score | 0.02316 EPSS
Exploits: 0

OSV
added 2021/03/15 10:29 p.m. | 0 views

USN-4845-1 libcgroup vulnerability

It was discovered that libcgroup incorrectly handled log file permissions. An attacker could possibly use this issue to obtain sensitive information...

8.1 CVSS | 7.3 AI score | 0.02316 EPSS
Exploits: 0 | References: 2

CNNVD
added 2021/03/15 12:00 a.m. | 3 views

IBM Spectrum Scale Injection Vulnerability

IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping clients reduce storage costs while improving security and management efficiency in...

5.5 CVSS | 5.5 AI score | 0.00279 EPSS
Exploits: 0 | References: 4

OSV
added 2021/03/10 6:15 p.m. | 5 views

CVE-2021-3034

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...

5.1 CVSS | 6 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

NVD
added 2021/03/10 6:15 p.m. | 12 views

CVE-2021-3034

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...

5.1 CVSS | 0.00168 EPSS
Exploits: 0 | References: 1

Prion
added 2021/03/10 6:15 p.m. | 20 views

Design/Logic Flaw

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...

3.6 CVSS | 5 AI score | 0.00168 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/03/10 6:10 p.m. | 61 views

CVE-2021-3034

CVE-2021-3034 affects Cortex XSOAR, where secrets for the SAML SSO integration can be logged into /var/log/demisto during setup testing. The vulnerability exposes private keys and the identity provider certificate due to log file leakage. Affected versions include Cortex XSOAR 5.5.0 builds earlie...

5.1 CVSS | 5 AI score | 0.00168 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Palo Alto Networks
added 2021/03/10 5:00 p.m. | 75 views

Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...

5.1 CVSS | 1.5 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

Hacker One
added 2021/03/10 4:54 a.m. | 16 views

Acronis: admin password disclosure via log file

Hi, I have a log file disclosing the admin password on https://www.devicelock.com/log.txt. You can see the md5 password in the log file: 2020-03-20 08:12:15 - main - Module: change password 4.1.2changepassword=yes;/forum/forumauth.php;login=admin;md5=2bca2f877b7a727861b59f4a4039d2e9 Impact this information admin...

0.2 AI score
Exploits: 0

NVD
added 2021/03/09 5:15 p.m. | 11 views

CVE-2020-8356

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC...

4.9 CVSS | 0.00542 EPSS
Exploits: 0 | References: 1

Prion
added 2021/03/09 5:15 p.m. | 16 views

Design/Logic Flaw

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...

4 CVSS | 5.1 AI score | 0.00542 EPSS
Exploits: 0 | References: 1 | Affected Software: 1