
334 matches found

Microsoft KB
added 2022/09/20 12:00 a.m. · 5 views

September 20, 2022—KB5017379 (OS Build 17763.3469) Preview

September 20, 2022—KB5017379 OS Build 17763.3469 Preview REMINDER 9/20/22 After today, September 20, 2022, there will no longer be optional, non-security releases known as "C" or preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as...

AI score 6.9
Exploits: 0

ATTACKERKB
added 2022/07/19 7:15 a.m. · 2 views

CVE-2022-30532

In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy...

CVSS 5.3 · AI score 5.8 · EPSS 0.00445
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/04/21 5:20 p.m. · 4 views

CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...

CVSS 5.3 · AI score 7.6 · EPSS 0.00914
Exploits: 0 · References: 2

CNNVD
added 2022/03/15 12:00 a.m. · 1 views

ARRIS SBR-AC1900P and ARRIS SBR-AC3200P Operating System Command Injection Vulnerability

ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P are Wi-Fi routers from ARRIS USA. Multiple ARRIS products have a command injection vulnerability, which stems from the firewall local logging feature failing to properly filter constructed command special characters, commands, etc. An attacker could exploit...

CVSS 9.8 · AI score 5.9 · EPSS 0.02901
Exploits: 1 · References: 2

CVE
added 2022/02/25 7:59 p.m. · 94 views

CVE-2022-25264

Affected product: JetBrains TeamCity server before 2021.2.3. Vulnerability: environment variables of type "password" could be logged in some cases. Impact: potential exposure of passwords in logs. Remediation: upgrade to 2021.2.3 or later (as indicated by the description and references).

CVSS 7.5 · AI score 7.5 · EPSS 0.00926
Exploits: 0 · References: 2 · Affected Software: 1

RedHat Linux
added 2022/01/24 2:07 p.m. · 2 views

libreswan: Malicious IKEv1 packet can cause libreswan to restart

A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon...

CVSS 7.5 · AI score 5.7 · EPSS 0.02699
Exploits: 1 · References: 5

OSV
added 2021/09/07 2:15 p.m. · 0 views

UBUNTU-CVE-2021-27022

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes inventory service nodes...

CVSS 4.9 · AI score 5.8 · EPSS 0.0088
Exploits: 0 · References: 3

Positive Technologies
added 2021/09/07 12:00 a.m. · 1 views

PT-2021-19940 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12; Nextcloud Server versions prior to 21.0.4; Nextcloud Server versions prior to 22.1.0. Description: The Nextcloud server, an open-source, self-hosted personal cloud, has an issue where logging of...

CVSS 10 · AI score 5.6 · EPSS 0.02521
Exploits: 2 · References: 58

Positive Technologies
added 2021/07/12 12:00 a.m. · 3 views

PT-2021-19852 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.13; Nextcloud Server versions prior to 20.0.11; Nextcloud Server versions prior to 21.0.3. Description: The Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of ...

CVSS 10 · AI score 6 · EPSS 0.02521
Exploits: 3 · References: 85

OSV
added 2021/07/11 8:13 a.m. · 1 views

OPENSUSE-SU-2021:2147-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles bsc1184016...

AI score 7.3
Exploits: 0 · References: 2

NVD
added 2021/06/09 4:15 p.m. · 12 views

CVE-2020-15380

Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level...

CVSS 7.5 · EPSS 0.00986
Exploits: 0 · References: 1

CNVD
added 2021/02/04 12:00 a.m. · 6 views

Cisco Managed Services Accelerator Denial of Service Vulnerability

Cisco Managed Services Accelerator MSX is a multi-tenant, multi-service, cloud-native service creation and delivery platform that enables service providers to quickly, easily, and cost-effectively develop and deliver hosted services to enterprise customers. A denial of service vulnerability exist...

CVSS 6.8 · AI score 6.6 · EPSS 0.0114
Exploits: 0 · References: 1

Microsoft CVE
added 2020/08/18 7:00 a.m. · 8 views

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns logging statements were made on the wrong connection causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

...

CVSS 7.5 · AI score 7 · EPSS 0.58716
Exploits: 2

NVD
added 2020/08/07 4:15 p.m. · 37 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this...

CVSS 7.5 · AI score 8.6 · EPSS 0.58716
Exploits: 2 · References: 26

Positive Technologies
added 2020/08/07 12:00 a.m. · 7 views

PT-2020-5483 · Apache +8 · Apache Http Server +8

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.20 through 2.4.43 Description: The issue is related to the implementation of the HTTP/2 mechanism in the Apache HTTP Server, which can lead to inconsistent interpretation of HTTP requests. This can cause loggin...

CVSS 9.8 · AI score 6.5 · EPSS 0.90485
Exploits: 4 · References: 151

OSV
added 2020/04/08 6:15 p.m. · 1 views

CVE-2018-21043

An issue was discovered on Samsung mobile devices with O8.x and P9.0 Exynos 9810 chipsets software. There is information disclosure about a kernel pointer in the g2ddrv driver because of logging. The Samsung ID is SVE-2018-13035 December 2018...

CVSS 3.3 · AI score 5.8 · EPSS 0.00132
Exploits: 0 · References: 1

OSV
added 2019/10/17 6:15 p.m. · 1 views

DEBIAN-CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

CVSS 8.8 · AI score 7.2 · EPSS 0.63917
Exploits: 10 · References: 1

OSV
added 2019/10/17 6:15 p.m. · 1 views

ALPINE-CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

CVSS 8.8 · AI score 6.8 · EPSS 0.63917
Exploits: 10 · References: 1

OSV
added 2019/10/15 9:15 p.m. · 3 views

CVE-2019-17355

In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat...

CVSS 9.8 · AI score 7.2 · EPSS 0.01332
Exploits: 1 · References: 1

OPENSUSE Linux
added 2019/04/03 12:00 a.m. · 182 views

Security update for ansible (moderate)

openSUSE Security Update: Security update for ansible Announcement ID: openSUSE-SU-2019:1125-1 Rating: moderate References: 1099808 1102126 1109957 1112959 1116587 1118896 1126503 Cross-References: CVE-2018-10875 CVE-2018-16837 CVE-2018-16859 CVE-2018-16876 CVE-2019-3828 Affected Products: SUSE...

CVSS 7.8 · AI score 7.1 · EPSS 0.02462
Exploits: 0 · References: 7