91 matches found
PT-2025-18265 · Ctrlx Os · Ctrlx Os
Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the conte...
BIT-AIRFLOW-2021-35936 No Authentication on Logging Server
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
K01049383: BIG-IP restjavad vulnerability CVE-2019-6662
Security Advisory Description Sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. CVE-2019-6662 Impact When logging invalid requests, such as HTTP co...
CVE-2022-3594
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intrcallback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is...
Security Bulletin: IBM WebSphere eXtreme Scale is vulnerable to arbitrary code execution due to Apache Log4j v1.x (CVE-2022-23307)
Summary Apache Log4j is used by IBM WebSphere eXtreme Scale as part of remote logging functionality CVE-2022-23307. The fix includes Apache Log4j v2.17.1. Vulnerability Details CVEID: CVE-2022-23307 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
Important: log4j
Issue Overview: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the...
CVE-2021-34598
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...
CVE-2021-34598
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...
Design/Logic Flaw
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...
CVE-2021-34598 Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...
CVE-2021-34598
Phoenix Contact FL MGUARD 1102/1105 (firmware v1.4.0, 1.4.1, 1.5.0) has a vulnerability where remote logging is impaired due to failure to release memory for syslog-ng data structures when remote logging is active. The impact described aligns with partial availability degradation; exploitation de...
Phoenix Contact Fl Mguard 1102 安全漏洞
The Phoenix Contact Fl Mguard 1102 is a security router from Phoenix Contact, Germany. It is used to protect industrial networks from attacks such as Ip Spoofing, Denial of Service Dos and Syn flooding. A security vulnerability exists in the Phoenix Contact FL MGUARD 1102 and 1105 that stems from...
CVE-2021-35936
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
CVE-2021-35936
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
PYSEC-2021-122
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
CVE-2021-35936 No Authentication on Logging Server
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
PT-2021-21067 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.1.2 Description: The issue affects the logging server in Apache Airflow, which has no authentication and allows reading log files of DAG jobs when remote logging is not used. This could potentially expose...
CVE-2017-17675
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data...
CVE-2017-17675
CVE-2017-17675 affects BMC Remedy Mid Tier 9.1SP3. The issue is log hijacking: remote logging can be accessed by unauthenticated users, enabling attackers to hijack system logs and potentially access usernames and HTTP data. The connected sources confirm affected product/version and the data expo...
CVE-2017-17675
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data...