4561 matches found
CVE-2018-14624
A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash...
StoreFront 3.5 upgrade to 3.15 fails with error "Citrix StoreFront 3.15.0.18019 failed"
StoreFront version 3.5 fails to upgrade to version 3.15. During the upgrade process, the wizard displays the following message: "Citrix StoreFront 3.15.0.18019 failed". At the bottom of the upgrade wizard window, another message is displayed: "NOTE: An error occurred during installation. Please ensur...
postgresql: Too-permissive access control list on function pg_logfile_rotate()
It was found that pg_catalog.pg_logfile_rotate(), from the adminpack extension, did not follow the same ACLs as pg_rotate_logfile. If the adminpack is added to a database, an attacker able to connect to it could use this flaw to force log rotation...
Joyplus CMS suffers from an override access vulnerability
Joyplus CMS Joy Video is an open source video backend management system based on PHP and MySQL. The system has video resource acquisition, user feedback management, automatic address resolution, message push management and other functions. An override access vulnerability exists in Joyplu...
SUSE-SU-2018:2468-1 Security update for libcgroup
This update for libcgroup fixes the following issues: Security issue fixed: - CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 bsc1100365. This update also sets the permissions of already existing log files to proper values...
Microsoft Windows Firewall: Domain: Logging: Log dropped packets
Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Defender Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location c...
AZL-6615 CVE-2018-14348 affecting package libcgroup for versions less than 0.41-23
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...
UBUNTU-CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...
DEBIAN-CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...
Insecure Defaults
libcgroup.so is vulnerable to insecure defaults. The library creates a log file with world readable and writable permissions, allowing a malicious user to read or write to the log file...
CVE-2017-15113
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...
Path traversal
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to an authenticated user via path traversal...
CVE-2017-2595
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to an authenticated user via path traversal...
CVE-2018-11717
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain, depending on the modules configured, the Base64-encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the...
Microsoft Windows: Specify the maximum log file size (App)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winappmaxlogsize.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Specify the maximum log file size KB Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is...
Microsoft Windows: Specify the maximum log file size (Security)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsecuritymaxlogsize.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Specify the maximum log file size Security Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
Microsoft Windows: Specify the maximum log file size (System)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsystemmaxlogsize.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Specify the maximum log file size System Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
Microsoft Windows: Specify the maximum log file size (Setup)
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsetupmaxlogsize.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Specify the maximum log file size Setup Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This progr...