Lucene search
K

51 matches found

NVD
NVD
added 2025/07/17 3:15 p.m.14 views

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

6.9CVSS0.00411EPSS
Exploits0References1
OSV
OSV
added 2025/07/17 2:40 p.m.7 views

CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

6.9CVSS7AI score0.00411EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/17 12:0 a.m.4 views

PT-2025-29919 · Unknown +2 · Rucio-Webui +3

Name of the Vulnerable Software and Affected Versions: rucio-server versions 37.0.2, 35.0.1, and 32.0.1 rucio-ui versions 37.0.4, 35.0.1, and 32.0.2 rucio-webui versions 37.0.2, 35.1.1, and 32.0.1 Description: Rucio is a software framework used to organize, manage, and access large volumes of...

6.9CVSS6.4AI score0.00411EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/14 9:7 a.m.13 views

CVE-2025-25184

A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env'REMOTEUSER' and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...

6.5CVSS6.4AI score0.01095EPSS
Exploits1References5
Spring Security Advisories
Spring Security Advisories
added 2024/11/24 12:0 a.m.27 views

Bootiful Spring Boot 3.4: Spring Boot

And now we’re back where we started: Spring Boot 3.4! This release is what pulls everything together. When you look at Spring Boot, remember that it normalizes the integration of all the projects it assembles and tries, wherever possible, to smooth out whatever integration issues might arise from...

7.5AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/10/27 12:58 a.m.2 views

SUSE CVE-2022-4886

Ingress-nginx path sanitization can be bypassed with logformat directive...

8.8CVSS7AI score0.01567EPSS
Exploits0References4
OSV
OSV
added 2023/10/25 7:18 p.m.35 views

CVE-2022-4886 Ingress-nginx `path` sanitization can be bypassed with `log_format` directive

Ingress-nginx path sanitization can be bypassed with logformat directive...

8.8CVSS7AI score0.01567EPSS
Exploits0References7
CVE
CVE
added 2023/10/25 7:18 p.m.162 views

CVE-2022-4886

CVE-2022-4886 is an Ingress-Nginx vulnerability where path sanitization can be bypassed via the log_format directive. IBM and OSV entries describe an impact: a remote authenticated attacker could obtain credentials information from Kubernetes Ingress Controller (ALB) deployments affected by this ...

8.8CVSS7.4AI score0.01567EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.4 views

PT-2023-6604 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx affected versions not specified Description: The issue is related to a controller vulnerability in the Kubernetes ingress-nginx cluster, which is associated with errors in processing input data. This can allow a remote attacker ...

9CVSS7.2AI score0.01567EPSS
Exploits0References25
Veracode
Veracode
added 2023/07/18 3:37 p.m.24 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability occurs when the log format is set to default making it possible to insert data into log files...

3.9CVSS6.8AI score0.00185EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/07/13 3:15 a.m.24 views

Information disclosure

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

1.7CVSS4.2AI score0.00185EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/07/13 3:15 a.m.3 views

UBUNTU-CVE-2023-3363

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

3.9CVSS5.8AI score0.00185EPSS
Exploits0References3
OSV
OSV
added 2023/07/13 2:8 a.m.16 views

CVE-2023-3363 Insertion of Sensitive Information into Log File in GitLab

An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to default...

3.9CVSS4.2AI score0.00185EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/07/13 2:8 a.m.24 views

CVE-2023-3363

Removed by vendor...

3.9CVSS5.8AI score0.00185EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.3 views

SUSE CVE-2004-0700

Format string vulnerability in the modproxy hook functions function in sslenginelog.c in modssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssllog function...

7.5CVSS7.6AI score0.05802EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/02/07 3:52 p.m.4 views

git: Heap overflow in `git archive`, `git log --format` leading to RCE

A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...

9.8CVSS7.5AI score0.44268EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/02/06 7:40 p.m.4 views

git: Heap overflow in `git archive`, `git log --format` leading to RCE

A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...

9.8CVSS7.5AI score0.44268EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/02/06 4:39 p.m.6 views

git: Heap overflow in `git archive`, `git log --format` leading to RCE

A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in pretty.c::formatandpadcommit, where a sizet is stored improperly as an int, and then added as an offset to a memcpy. This overflow can be triggered directly by a user running a command...

9.8CVSS7.5AI score0.44268EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2023/01/23 8:0 a.m.4 views

Integer overflow in `git archive` `git log --format` leading to RCE in git

...

9.8CVSS8.9AI score0.44268EPSS
Exploits0
OSV
OSV
added 2023/01/17 11:15 p.m.3 views

ALPINE-CVE-2022-41903

Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in...

9.8CVSS7.9AI score0.44268EPSS
Exploits0References1
Rows per page
Query Builder