43 matches found
Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068
The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events login, logout, and password reset requests. The module does not sufficiently limit some large values befo...
PT-2025-18087 · Snowflake · Snowflake Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Snowflake ODBC Driver versions prior to 3.7.0 Description: The issue concerns the logging of sensitive information. In certain code paths, the whole SQL query was logged at the INFO level. This could potentially lead to the exposure of...
Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.
Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Ansible vulnerabilities (USN-7330-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7330-1 advisory. It was discovered that Ansible did not properly verify certain fields of X.509 certificates. An attacker could possib...
CVE-2025-22271
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from unwanted warnings and logging issues in the bonding subsystem bondxdpgetxmitslave function...
USN-7049-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. CVE-2024-8925 It was discovered that PHP incorrectly handled the cgi.forceredirect configuration option due to...
PT-2023-6647 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana version 8.10.0 Description: The issue impacts Kibana when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern, allowing sensitive information to be recorded in logs in the event of an error. The...
SUSE-SU-2022:4607-1 Security update for conmon
This update for conmon fixes the following issues: conmon was updated to version 2.1.5: don't leak syslogidentifier logging: do not read more that the buf size logging: fix error handling Makefile: Fix install for FreeBSD signal: Track changes to getsignaldescriptor in the FreeBSD version Packit:...
PT-2022-10452 · Solarwinds · Serv-U
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: This issue pertains to a broken access control vulnerability where a domain admin can access configuration and user data of other domains without authorization. The access is...
MGASA-2022-0170 Updated cifs-utils packages fix security vulnerability
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-27239 cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign...
SUSE-SU-2021:1959-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles bsc1184016...
OPENSUSE-SU-2020:0865-1 Security update for uftpd
This update for uftpd fixes the following issues: uftpd was updated to version 2.12. Changes: Use common log message format and log level when user enters an invalid path. This unfortunately affects changes introduced in v2.11 to increase logging at default log level. Security fixes: -...
jaegertracing/jaeger information disclosure vulnerability
Jaeger is an open source distributed system monitoring service released by the Linux Foundation , it is mainly used to monitor the distributed system transactions and troubleshooting and so on. A log information disclosure vulnerability exists in versions of jaegertracing/jaeger before 1.18.1. An...
SUSE-SU-2020:0617-1 Security update for ipmitool
This update for ipmitool fixes the following issues: - CVE-2020-5208: Fixed multiple remote code executtion vulnerabilities bsc1163026. - picmg discover messages are now DEBUG and not INFO messages bsc1085469...
MGASA-2018-0303 Updated ansible packages fix security vulnerability
Ansible prior to 2.4.5 does not honor the nolog task flag for failed tasks. When the nolog flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user...
[SECURITY] [DLA 588-2] mongodb security update
Package : mongodb Version : 2.0.6-1+deb7u1 CVE ID : CVE-2016-6494 Debian Bug : 832908, 833087 This is an update of DLA-558-1. The previous build had revision number that was considered lower than the one in wheezy and was therefore not installed at upgrade. The text for DLA-558-1 is included here...
RedHat Update for nfs-utils RHSA-2012:0310-03
Check for the Version of nfs-utils OpenVAS Vulnerability Test RedHat Update for nfs-utils RHSA-2012:0310-03 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CVE-2005-1856
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack...
analogx-4.10.dos.txt
Network Security Solutions Inc. Security Advisory Philippine based Security Company Http://www.Nssolution.net Http://connect.to/nssi AnalogX Proxy Server DoS/Buffer Overflow Vulnerabilty Author: Abraham Lincoln H. Handle: zer0logic Email : [email protected], [email protected]...