4561 matches found
Security Bulletin: An information disclosure vulnerability has been identified with the embedded Content Platform Engine component shipped with IBM Business Automation Workflow (CVE-2019-4572)
Summary: A vulnerability in IBM FileNet Content Manager and Case Foundation, in some cases, could contain user information in the log when Process Orchestration Web Services is invoked. Vulnerability Details: CVEID: CVE-2019-4572 DESCRIPTION: IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific...
Security update for yast2-rmt (moderate)
openSUSE Security Update: Security update for yast2-rmt Announcement ID: openSUSE-SU-2020:0320-1 Rating: moderate References: 1119835 1146403 Cross-References: CVE-2018-20105 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...
Lenovo XClarity Administrator (LXCA) Vulnerability - Lenovo Support US
Lenovo Security Advisory: LEN-29942 Potential Impact: Information disclosure Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-19756 Summary Description: An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to...
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...
The vulnerability of the Windows Common Log File System (CLFS) driver allows attackers to escalate their privileges.
The vulnerability of the Windows Common Log File System Driver (CLFS) in the Windows operating system stems from insecure privilege management. Exploiting this vulnerability can allow an attacker to enhance their privileges...
SUSE-SU-2020:0578-1 Security update for yast2-rmt
This update for yast2-rmt to version 1.3.0 fixes the following issues: Security issue fixed: - CVE-2018-20105: Fixed an exposure of the CA private key passphrase in the log file (bsc#1119835). Non-security issue fixed: - Add support for forwarding registration data from RMT to SCC...
Information Disclosure
Ansible is vulnerable to information disclosure. The ldap_attr and ldap_entry modules can cause confidential information such as passwords to be logged in a log file or displayed on stdout if the bind_pw option is set with params...
Laravel Log File Detected
Laravel log file /storage/logs/laravel.log has been detected on the target web application. This file may contain sensitive information about application and server configuration debug and stack trace and could help an attacker conduct further attacks. No source data...
CVE-2015-9543
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is...
CVE-2015-9543
OpenStack Nova up to 18.2.4, 19.x up to 19.1.0, and 20.x up to 20.1.0 is vulnerable to leaking consoleauth tokens into log files when using novncproxy. The issue is tied to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. A user with read access to the service logs c...
Microsoft Windows Multiple Vulnerabilities (KB4537821)
This host is missing a critical security update according to Microsoft KB4537821. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Microsoft Windows Multiple Vulnerabilities (KB4537789)
This host is missing a critical security update according to Microsoft KB4537789...
Microsoft Windows Multiple Vulnerabilities (KB4532693)
This host is missing a critical security update according to Microsoft KB4532693...
Microsoft Windows Multiple Vulnerabilities (KB4537764)
This host is missing a critical security update according to Microsoft KB4537764...
Microsoft Windows Multiple Vulnerabilities (KB4532691)
This host is missing a critical security update according to Microsoft KB4532691...
Microsoft Windows Multiple Vulnerabilities (KB4537776)
This host is missing a critical security update according to Microsoft KB4537776...
CVE-2020-0657
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'...
CVE-2020-0658
An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'...
CVE-2020-0697
CVE-2020-0697 is a Microsoft Office elevation-of-privilege flaw affecting the OLicenseHeartbeat task. An authenticated attacker could place a specially crafted file in a specific location to run the task with SYSTEM privileges, enabling arbitrary file corruption. The vulnerability is addressed by...
Microsoft Office Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a...