Lucene search
K

226 matches found

SUSE CVE
SUSE CVE
added 2023/05/24 1:58 a.m.3 views

SUSE CVE-2023-32324

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service DoS attack. A buffer overflow vulnerability in the function formatlogline could allow remote attackers to cause a DoS ...

5.9CVSS6.8AI score0.01473EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.14 views

kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level

A NULL pointer dereference vulnerability was found in the Broadcom brcmfmac wireless driver in the Linux kernel. When the SCAN debug log level is enabled, a loop variable 'i' is incorrectly modified when setting random MAC addresses. This causes an invalid memory access when attempting to print...

7AI score0.00225EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.8 views

kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level

A NULL pointer dereference vulnerability was found in the Broadcom brcmfmac wireless driver in the Linux kernel. When the SCAN debug log level is enabled, a loop variable 'i' is incorrectly modified when setting random MAC addresses. This causes an invalid memory access when attempting to print...

7AI score0.00225EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/21 12:0 a.m.4 views

PT-2023-22814 · Unknown · Kitchen-Terraform

Name of the Vulnerable Software and Affected Versions: Kitchen-Terraform version 7.0.0 Description: Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec...

3.3CVSS3.7AI score0.00212EPSS
Exploits0References9
F5 Networks
F5 Networks
added 2023/02/21 6:50 p.m.26 views

K31757417: The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled

Security Advisory Description This issue occurs when all of the following conditions are met: You enable the Debug log level for the access policy. You configure the access policy on the BIG-IP APM system with either of the following: Citrix Login prompt with two-factor authentication Logon page...

6.8AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.47 views

K95010211: Samba vulnerability CVE-2019-14907

Security Advisory Description All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provid...

6.5CVSS6.5AI score0.03151EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.106 views

K67175700: Apache vulnerabilities CVE-2020-9490, CVE-2020-11984, CVE-2020-11993

Security Advisory Description CVE-2020-9490 Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via...

9.8CVSS6.5AI score0.90039EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.4 views

SUSE CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...

6.5CVSS9.3AI score0.03151EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.10 views

SUSE CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

5.3CVSS7AI score0.58716EPSS
Exploits2References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.3 views

SUSE CVE-2021-25284

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level...

5.5CVSS9.4AI score0.00539EPSS
Exploits0References31
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.3 views

SUSE CVE-2022-23469

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

6.5CVSS6.7AI score0.00977EPSS
Exploits1References2
Veracode
Veracode
added 2023/02/08 2:15 a.m.21 views

Information Disclosure

github.com/anchore/syft is vulnerable to Information Disclosure. The vulnerability exists due to the SYFTATTESTPASSWORD environment variable in the syft logs leaking when -vv or -vvv are used in the syft command which is any log level = DEBUG and in the attestation or SBOM only when the syft-json...

7.5CVSS7.3AI score0.00791EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/08 9:33 p.m.9 views

CVE-2022-23469 Authorization header displayed in the debug logs

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

3.5CVSS7AI score0.00977EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2022/12/08 9:33 p.m.46 views

CVE-2022-23469

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

6.5CVSS5.3AI score0.00977EPSS
Exploits1
OSV
OSV
added 2022/12/08 9:33 p.m.20 views

CVE-2022-23469 Authorization header displayed in the debug logs

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization heade...

3.5CVSS6.6AI score0.00977EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/12/08 4:11 p.m.110 views

Traefik may display authorization header in the debug logs

Impact There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses oxy to provide the following features: - Round Robin: https://doc.traefik.io/traefik/routing/services/weighted-round-robin-service - Buffering:...

6.5CVSS0.00977EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/12/08 4:11 p.m.23 views

GHSA-H2PH-VHM7-G4HP Traefik may display authorization header in the debug logs

Impact There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses oxy to provide the following features: - Round Robin: https://doc.traefik.io/traefik/routing/services/weighted-round-robin-service - Buffering:...

3.5CVSS5AI score0.00977EPSS
Exploits1References5
OSV
OSV
added 2022/11/14 6:59 p.m.12 views

GSD-2022-1007040 wifi: brcmfmac: fix invalid address access when enabling SCAN log level

wifi: brcmfmac: fix invalid address access when enabling SCAN log level This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-35295 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to an invalid address access when enabling SCAN log level in the brcmfmac wifi driver. The actual impact and attack plausibility have not yet been proven...

7.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-35647 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: The issue is related to an invalid address access when enabling SCAN log level in the brcmfmac wifi driver. The actual impact and attack plausibility have not yet been proven...

7.1AI score
Exploits0References1
Rows per page
Query Builder