286 matches found
CVE-2023-23541
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts...
IBM Security Guardium Log Information Disclosure Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium Ke...
K16869: logrotate vulnerability CVE-2011-1098
Security Advisory Description: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. CVE-2011-1098. Impact: May allow a local user to read log data by opening a...
SUSE CVE-2016-3947
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6...
SUSE CVE-2021-40324
Cobbler before 3.3.0 allows arbitrary file write operations via uploadlogdata...
CVE-2022-32529
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe...
PT-2023-1176 · Vmware · Vrealize Log Insight
Name of the Vulnerable Software and Affected Versions: vRealize Log Insight (affected versions not specified). Description: The vRealize Log Insight contains a Directory Traversal Vulnerability, allowing an unauthenticated, malicious actor to inject files into the operating system of an impacted...
Cisco Email Security Appliance Information Disclosure (cisco-sa-esa-sma-log-YxQ6g2kG)
According to its self-reported version, the host is affected by a vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) that could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive...
CVE-2022-23466 DOM-based cross-site scripting (XSS) in teler dashboard
teler is a real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...
GHSA-XR7P-8Q82-878Q teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Description: teler prior to version = 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard are not sanitized. Impact: This only affects authenticated...
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Description: teler prior to version = 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard are not sanitized. Impact: This only affects authenticated...
SolarWinds Security Event Manager Information Disclosure Vulnerability
SolarWinds Security Event Manager (SolarWinds SEM) is a product of the American company SolarWinds Inc. for forensics and troubleshooting, as well as a tool to help you manage log data. An information disclosure vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4, which stems from the...
CVE-2022-39291
ZoneMinder is a free, open source closed-circuit television software application. Affected versions of ZoneMinder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by ZoneMinder. This was observed through an HTTP POST request...
CVE-2022-20243
In Core Utilities, there is a possible log information disclosure. This could lead to local information disclosure of sensitive browsing data with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-190199986...
Schneider Electric IGSS Data Server Buffer Error Vulnerability
The Schneider Electric IGSS Data Server is a data server for the Interactive Graphics Scada System from Schneider Electric France. A buffer error vulnerability exists in versions prior to Schneider Electric IGSS Data Server 15.0.0.22140, which stems from an application boundary error. A remote...
PT-2022-3200 · Unknown · Igss Data Server
Name of the Vulnerable Software and Affected Versions: IGSS Data Server - IGSSdataServer.exe versions prior to V15.0.0.22170 Description: A buffer copy without checking the size of input vulnerability exists, potentially leading to a stack-based buffer overflow and remote code execution when an...
Solar-Log GmbH Security Vulnerability
Solar-Log GmbH is a data logger for monitoring photovoltaic power plants from the German company Solar-Log. A security vulnerability exists in Solar-Log GmbH versions 2.8.4-56 and 3.5.2-85 that stems from a faulty component network configuration. An attacker could exploit the vulnerability to...
Solar-Log GmbH Cross-Site Request Forgery Vulnerability
Solar-Log GmbH is a data logger for monitoring photovoltaic (PV) power plants from the German company Solar-Log. A cross-site request forgery vulnerability exists in Solar-Log GmbH versions 2.8.4-56 and 3.5.2-85, which stems from the component's lack of data filtering and escaping...
Solar-Log GmbH Code Issue Vulnerability
Solar-Log GmbH is a data logger for monitoring photovoltaic (PV) power plants from the German company Solar-Log. A security vulnerability exists in Solar-Log GmbH versions 2.8.4-56 and 3.5.2-85, which stems from a faulty file upload in the component. An attacker could exploit the vulnerability to...