4579 matches found

Snyk · added 2020/07/10 9:29 a.m. · 2 views

Log Injection

Overview: uvicorn is a lightning-fast ASGI server. Affected versions of this package are vulnerable to Log Injection. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its...

CVSS 7.5 · AI score 6.8 · EPSS 0.01345
Exploits: 1 · References: 2
OSV · added 2020/07/07 7:15 p.m. · 2 views

DEBIAN-CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...

CVSS 4.4 · AI score 6.8 · EPSS 0.00417
Exploits: 0 · References: 1
OSV · added 2020/07/07 7:15 p.m. · 3 views

UBUNTU-CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://:@::/". The password value is not redacted and is printed to stdout and also to any generated log files...

CVSS 4.4 · AI score 7.3 · EPSS 0.00417
Exploits: 0 · References: 5
NVD · added 2020/07/02 3:15 p.m. · 21 views

CVE-2020-2201

Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability...

CVSS 5.4 · EPSS 0.00735
Exploits: 0 · References: 2
Prion · added 2020/07/02 3:15 p.m. · 16 views

Cross site scripting

Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability...

CVSS 3.5 · AI score 5.2 · EPSS 0.00735
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies · added 2020/07/02 12:00 a.m. · 8 views

PT-2020-15415 · Jenkins · Jenkins Sonargraph Integration Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier. Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the file path for the Log file field form validation. This can be...

CVSS 5.4 · AI score 5.2 · EPSS 0.00735
Exploits: 0 · References: 7
Cvelist · added 2020/07/01 2:25 p.m. · 23 views

CVE-2019-4706

IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016...

CVSS 2.7 · AI score 3 · EPSS 0.00803
Exploits: 0 · References: 2
RedHat Linux · added 2020/07/01 10:57 a.m. · 5 views

EAP: Vault system property security attribute value is revealed on CLI 'reload' command

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...

CVSS 5.4 · AI score 5.8 · EPSS 0.00742
Exploits: 0 · References: 4
NVD · added 2020/06/19 8:15 p.m. · 24 views

CVE-2020-10750

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...

CVSS 7.1 · EPSS 0.00427
Exploits: 0 · References: 2
Prion · added 2020/06/19 8:15 p.m. · 13 views

Design/Logic Flaw

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...

CVSS 2.1 · AI score 5.5 · EPSS 0.00427
Exploits: 0 · References: 2 · Affected Software: 1
CVE · added 2020/06/19 7:23 p.m. · 77 views

CVE-2020-10750

CVE-2020-10750 affects jaegertracing/jaeger prior to version 1.18.1 when using the Kafka data store. The vulnerability allows an attacker with access to the container logs to reveal Kafka credentials stored in log files. Mitigation per the connected records is to upgrade to Jaeger v1.18.1 or late...

CVSS 7.1 · AI score 5.3 · EPSS 0.00427
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist · added 2020/06/19 7:23 p.m. · 37 views

CVE-2020-10750

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...

CVSS 7.1 · AI score 6.8 · EPSS 0.00427
Exploits: 0 · References: 2
OSV · added 2020/06/19 7:15 p.m. · 14 views

CVE-2017-18912

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file...

CVSS 9.8 · AI score 7
Exploits: 0 · References: 1
Prion · added 2020/06/19 7:15 p.m. · 16 views

Design/Logic Flaw

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file...

CVSS 7.5 · AI score 9.2 · EPSS 0.01387
Exploits: 0 · References: 1 · Affected Software: 1
CVE · added 2020/06/19 6:45 p.m. · 37 views

CVE-2017-18912

CVE-2017-18912 affects Mattermost Server prior to 3.8.2, 3.7.5, and 3.6.7. An attacker can specify a full pathname of a log file, indicating a path traversal-like issue in the logging path handling. The linked Connected documents confirm the vulnerability is tied to Mattermost Server versions bef...

CVSS 9.8 · AI score 9.2 · EPSS 0.01387
Exploits: 0 · References: 1 · Affected Software: 1
Prion · added 2020/06/18 6:15 p.m. · 17 views

Race condition

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

CVSS 3.7 · AI score 4.2 · EPSS 0.00256
Exploits: 0 · References: 4 · Affected Software: 2
OSV · added 2020/06/18 6:15 p.m. · 2 views

UBUNTU-CVE-2020-13882

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...

CVSS 4.2 · AI score 5.6 · EPSS 0.00256
Exploits: 0 · References: 5
OSV · added 2020/06/18 3:15 a.m. · 3 views

CVE-2020-3356

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based...

CVSS 6.1 · AI score 6.5 · EPSS 0.00801
Exploits: 0 · References: 1
Cisco · added 2020/06/17 4:00 p.m. · 28 views

Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based...

CVSS 6.1 · AI score 1.6 · EPSS 0.00801
Exploits: 0 · References: 1
NVD · added 2020/06/15 2:15 p.m. · 17 views

CVE-2020-4477

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779...

CVSS 6.5 · EPSS 0.0094
Exploits: 0 · References: 2