4561 matches found
Privilege Escalation
acpid is vulnerable to privilege escalation. It was discovered that acpid could create its log file "/var/log/acpid" with random permissions on some systems. A local attacker could use this flaw to escalate their privileges if the log file was created as world-writable and with the setuid or setg...
Update Rollup 4 for System Center 2016 Operations Manager
Update Rollup 4 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 4 for Microsoft System Center 2016 Operations Manager. This article also contains the installation instructions for this update. Issues that are fixed and...
CVE-2020-1885
Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file...
CVE-2020-1620 Junos OS Evolved: Configd leaks hashes via log file and is world readable
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1...
CVE-2017-18686
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017)...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017)...
bind: TCP Pipelining doesn't limit TCP clients on a single connection
A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
Code injection
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
CVE-2020-7599
CVE-2020-7599 affects the Gradle plugin com.gradle.plugin-publish prior to 0.11.0. When a plugin is published with Gradle running at --info, the Gradle Logger may expose an AWS pre-signed URL in build logs. If such logs are publicly accessible, an attacker could leverage the URL to replace a rece...
Lenovo XClarity Administrator Information Disclosure Vulnerability (CNVD-2020-19571)
Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo LXCA version 2.6.0, which originated...
Linux: auth.info and mail.info in /etc/rsyslog.conf
Redirect email and authentication device events to the local log file. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2019-19756
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are...
CVE-2019-19756
CVE-2019-19756 affects Lenovo XClarity Administrator (LXCA) version 2.6.0 during Windows driver updates. A security audit found Windows OS credentials were written in plaintext to a log file, with access limited to authorized FFDC/service logs on LXCA. Documented impact is information disclosure ...
Siemens SiNVR 3 Plain Text Save File Vulnerability
SiNVR 3 is a video management platform. Central Control Server (CCS) is the central control server and Video Server is the video server. SiNVR 3 stores login credentials in plain text in a log file. An information disclosure vulnerability exists in the implementation, which can be exploited by a...
Linux: authpriv.* facility in /etc/rsyslog.conf
The facility argument is used to specify what type of program is logging the message. This lets the configuration file specify that messages from different facilities will be handled differently. - LOG_AUTHPRIV: security/authorization messages (private). The asterisk SPDX-FileCopyrightText: 2020...
Linux: cron.info in /etc/rsyslog.conf
Test if and to which file the info logs generated by the cron daemon process are recorded. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
The vulnerability of the Windows Common Log File System (CLFS) driver in the Windows operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Windows Common Log File System (CLFS) driver in the operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created application...