Lucene search
K

844 matches found

CVE
CVE
added 2020/07/01 12:55 p.m.44 views

CVE-2020-6261

SAP Solution Manager (Trace Analysis) 7.20 is affected. The issue allows log injection into the trace file due to incomplete XML validation, impairing readability of trace files. No explicit remediation or patch version is provided in the connected documents. References point to SAP notes/wiki en...

5.3CVSS5.5AI score0.00775EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2020/06/26 6:46 a.m.24 views

Log Injection

generator-jhipster is vulnerable to log injection. The vulnerability is possible because it uses public API for creating log entries for invalid password reset attempts to the user-provided emails during jwt or session authentication, allowing an attacker to forge log entries...

5.3CVSS3.2AI score0.01214EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2020/06/26 12:0 a.m.4 views

PT-2020-14368 · Zyxel · Zyxel Cloudcnm Secumanager

Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue allows escape-sequence injection into the /var/log/axxmpp.log file. This is related to the API endpoint /var/log/axxmpp.log, but specific vulnerable parameters or...

5.3CVSS5.3AI score0.00784EPSS
Exploits1References4
OSV
OSV
added 2020/06/25 8:2 p.m.26 views

GHSA-PFXF-WH96-FVJC Log Forging in generator-jhipster-kotlin

Impact We log the mail for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt...

5.3CVSS5.2AI score0.01214EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/06/25 8:2 p.m.45 views

Log Forging in generator-jhipster-kotlin

Impact We log the mail for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt...

5.3CVSS5.2AI score0.01214EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2020/06/08 5:15 p.m.19 views

CVE-2020-5304

The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...

7.5CVSS7.5AI score0.00995EPSS
Exploits0References2
OSV
OSV
added 2020/06/08 5:15 p.m.4 views

CVE-2020-5304

The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...

7.5CVSS5.8AI score0.00995EPSS
Exploits0References2
Prion
Prion
added 2020/06/08 5:15 p.m.14 views

Code injection

The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...

5CVSS7.5AI score0.00995EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/06/08 4:12 p.m.39 views

CVE-2020-5304

CVE-2020-5304 affects WhiteSource Application Vulnerability Management (AVM) prior to version 20.4.1. The vulnerability allows log injection by sending a %0A%0D substring in the idp parameter to the /saml/login URI, which can close the current log and create a new log line with attacker-controlle...

7.5CVSS7.5AI score0.00995EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/06/08 4:12 p.m.22 views

CVE-2020-5304

The dashboard in WhiteSource Application Vulnerability Management AVM before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data...

7.5AI score0.00995EPSS
Exploits0References2
OSV
OSV
added 2020/05/13 7:15 p.m.4 views

CVE-2020-1996

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...

5.3CVSS6.1AI score0.00905EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/05/13 7:7 p.m.21 views

CVE-2020-1996 PAN-OS: Panorama management server log injection

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...

5.3CVSS5.3AI score0.00905EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2020/05/13 4:0 p.m.72 views

PAN-OS: Panorama management server log injection

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...

5.3CVSS1.3AI score0.00905EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/06 12:0 a.m.4 views

BTC Public Chain Log Injection Vulnerability

Bitcoin is an e-currency created with open source P2P software. A security vulnerability exists in bitcoind and Bitcoin-Qt versions prior to 0.17.1. An attacker can exploit the vulnerability by injecting arbitrary data into debug logs with the help of RPC calls...

6.9AI score
Exploits0
Veracode
Veracode
added 2020/04/10 12:33 a.m.30 views

Log Injection

util-linux is vulnerable to log injection. The vulnerability exists in util-linux when logging log in attempts via the audit subsystem of the Linux kernel. A remote attacker could use this flaw to modify certain parts of logged events, possibly hiding their activities on a system...

7.5CVSS3.3AI score0.03973EPSS
Exploits1References19Affected Software1
Cvelist
Cvelist
added 2020/03/12 8:34 p.m.35 views

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

5.6AI score0.01061EPSS
Exploits1References1
Prion
Prion
added 2020/01/30 1:15 a.m.16 views

Design/Logic Flaw

In OSSEC-HIDS 2.7 through 3.5.0, the OSCleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines \n are permitted in messages processed by ossec-analysisd, i...

10CVSS9.6AI score0.02277EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2020/01/24 9:26 p.m.65 views

Log injection in SimpleSAMLphp

Background SimpleSAMLphp has a logging functionality that allows system administrators to keep track of the activity, errors, and statistics. Additionally, it allows users to report errors, shall they happen. An error report contains a report identifier, which is logged once submitted. Descriptio...

5.5CVSS1.6AI score0.00653EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/01/24 9:26 p.m.17 views

GHSA-6GC6-M364-85WW Log injection in SimpleSAMLphp

Background SimpleSAMLphp has a logging functionality that allows system administrators to keep track of the activity, errors, and statistics. Additionally, it allows users to report errors, shall they happen. An error report contains a report identifier, which is logged once submitted. Descriptio...

4.4CVSS5.4AI score0.00653EPSS
Exploits0References3
NVD
NVD
added 2020/01/24 9:15 p.m.33 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...

5.5CVSS5.2AI score0.00653EPSS
Exploits0References2
Rows per page
Query Builder