143 matches found
CBL Mariner 2.0 Security Update: php (CVE-2024-9026)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9026 advisory. - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is...
Structured logging in Spring Boot 3.4
Logging is a long established part of troubleshooting applications and one of the three pillars of observability, next to metrics and traces. No one likes flying blind in production, and when incidents happen, developers are happy to have log files. Logs are often written out in a human-readable...
Apache Arrow Rust Object Store Log Message Disclosure Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the U.S. Apache Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A log message disclosure vulnerability...
SUSE CVE-2024-40904
In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interru...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Improper Error Handling.
Summary: IBM Sterling Partner Engagement Manager resolved the improper error handling issue, which prevents the disclosure of log messages containing implementation details. Vulnerability Details: CVEID: CVE-2022-35640. DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a local attacker...
Schneider Electric SpaceLogic AS-P/AS-B Log Message Disclosure Vulnerability
The Schneider Electric SpaceLogic AS-P is an automation server from Schneider Electric France. The Schneider Electric SpaceLogic AS-P/AS-B suffers from a log message disclosure vulnerability that can be exploited by an attacker to cause SNMP credentials to be exposed...
AZL-42223 CVE-2024-35982 affecting package kernel for versions less than 5.15.158.1-1
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments when enabled or a...
CVE-2024-27947
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An attacker could leverage this vulnerability to forward log messages to a specific compromised client...
CVE-2023-47147
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow an attacker to overwrite a log message under specific conditions. IBM X-Force ID: 270598...
CVE-2023-7234
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field...
Design/Logic Flaw
OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field...
Path traversal
An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interfac...
WordPress Plugin WP Optin Wheel Log Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin WP Optin Wheel is...
K39081000: Rsyslog vulnerability CVE-2019-17042
Security Advisory Description: An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do n...
SUSE CVE-2004-0700
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function...
SUSE CVE-2008-2711
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages...
SUSE CVE-2012-2369
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message...
SUSE CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
SUSE CVE-2013-4854
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with...
Failed to Publish FAS Certificate Template with "RPC server unavailable. 0x800706ba"
Failed to publish FAS certificate Template with "An error occurred: CCertAdmin::GetCAProperty: RPC server unavailable. 0x800706ba". On Domain Controller, there is an error message in Event Log "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY" and EventID is 10036...