51 matches found
CVE-2025-54064
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...
CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...
PT-2025-29919 · Unknown +2 · Rucio-Webui +3
Name of the Vulnerable Software and Affected Versions: rucio-server versions 37.0.2, 35.0.1, and 32.0.1 rucio-ui versions 37.0.4, 35.0.1, and 32.0.2 rucio-webui versions 37.0.2, 35.1.1, and 32.0.1 Description: Rucio is a software framework used to organize, manage, and access large volumes of...
CVE-2025-25184
A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env'REMOTEUSER' and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...
Bootiful Spring Boot 3.4: Spring Boot
And now we’re back where we started: Spring Boot 3.4! This release is what pulls everything together. When you look at Spring Boot, remember that it normalizes the integration of all the projects it assembles and tries, wherever possible, to smooth out whatever integration issues might arise from...
SUSE CVE-2022-4886
Ingress-nginx path sanitization can be bypassed with logformat directive...
CVE-2022-4886 Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Ingress-nginx path sanitization can be bypassed with logformat directive...
CVE-2022-4886
CVE-2022-4886 is an Ingress-Nginx vulnerability where path sanitization can be bypassed via the log_format directive. IBM and OSV entries describe an impact: a remote authenticated attacker could obtain credentials information from Kubernetes Ingress Controller (ALB) deployments affected by this ...
PT-2023-6604 · Unknown · Ingress-Nginx
Name of the Vulnerable Software and Affected Versions: ingress-nginx affected versions not specified Description: The issue is related to a controller vulnerability in the Kubernetes ingress-nginx cluster, which is associated with errors in processing input data. This can allow a remote attacker ...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability occurs when the log format is set to default making it possible to insert data into log files...
Information disclosure
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...
UBUNTU-CVE-2023-3363
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...
CVE-2023-3363 Insertion of Sensitive Information into Log File in GitLab
An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...
CVE-2023-3363
Removed by vendor...
SUSE CVE-2004-0700
Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...
git: Heap overflow in `git archive`, `git log --format` leading to RCE
A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...
git: Heap overflow in `git archive`, `git log --format` leading to RCE
A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...
git: Heap overflow in `git archive`, `git log --format` leading to RCE
A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...
Integer overflow in `git archive` `git log --format` leading to RCE in git
...
ALPINE-CVE-2022-41903
Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in...