Lucene search
K

91 matches found

Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.5 views

PT-2025-18265 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS affected versions not specified Description: A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the conte...

9CVSS6.8AI score0.00662EPSS
Exploits0References11
OSV
OSV
added 2024/03/06 10:59 a.m.17 views

BIT-AIRFLOW-2021-35936 No Authentication on Logging Server

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS5.6AI score0.04022EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:49 p.m.49 views

K01049383: BIG-IP restjavad vulnerability CVE-2019-6662

Security Advisory Description Sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. CVE-2019-6662 Impact When logging invalid requests, such as HTTP co...

6.5CVSS6.7AI score0.00859EPSS
Exploits0Affected Software13
NVD
NVD
added 2022/10/18 8:15 p.m.20 views

CVE-2022-3594

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intrcallback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is...

5.3CVSS0.02211EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/22 10:34 a.m.41 views

Security Bulletin: IBM WebSphere eXtreme Scale is vulnerable to arbitrary code execution due to Apache Log4j v1.x (CVE-2022-23307)

Summary Apache Log4j is used by IBM WebSphere eXtreme Scale as part of remote logging functionality CVE-2022-23307. The fix includes Apache Log4j v2.17.1. Vulnerability Details CVEID: CVE-2022-23307 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...

9CVSS9.8AI score0.52458EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2022/01/20 12:0 a.m.100 views

Important: log4j

Issue Overview: It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the...

9.8CVSS9.1AI score0.8904EPSS
Exploits14
NVD
NVD
added 2021/11/10 12:15 p.m.23 views

CVE-2021-34598

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

7.5CVSS0.00904EPSS
Exploits0References1
OSV
OSV
added 2021/11/10 12:15 p.m.3 views

CVE-2021-34598

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

7.5CVSS5.8AI score0.00904EPSS
Exploits0References1
Prion
Prion
added 2021/11/10 12:15 p.m.12 views

Design/Logic Flaw

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

4.3CVSS7.6AI score0.00904EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/11/10 11:22 a.m.24 views

CVE-2021-34598 Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...

7.5CVSS7.8AI score0.00904EPSS
Exploits0References1
CVE
CVE
added 2021/11/10 11:22 a.m.38 views

CVE-2021-34598

Phoenix Contact FL MGUARD 1102/1105 (firmware v1.4.0, 1.4.1, 1.5.0) has a vulnerability where remote logging is impaired due to failure to release memory for syslog-ng data structures when remote logging is active. The impact described aligns with partial availability degradation; exploitation de...

7.5CVSS7.6AI score0.00904EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.4 views

Phoenix Contact Fl Mguard 1102 安全漏洞

The Phoenix Contact Fl Mguard 1102 is a security router from Phoenix Contact, Germany. It is used to protect industrial networks from attacks such as Ip Spoofing, Denial of Service Dos and Syn flooding. A security vulnerability exists in the Phoenix Contact FL MGUARD 1102 and 1105 that stems from...

7.5CVSS7.4AI score0.00904EPSS
Exploits0References2
NVD
NVD
added 2021/08/16 8:15 a.m.19 views

CVE-2021-35936

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS0.04022EPSS
Exploits0References1
OSV
OSV
added 2021/08/16 8:15 a.m.19 views

CVE-2021-35936

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS7AI score
Exploits0References1
OSV
OSV
added 2021/08/16 8:15 a.m.4 views

PYSEC-2021-122

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS6.5AI score0.04022EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/16 7:25 a.m.25 views

CVE-2021-35936 No Authentication on Logging Server

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.7AI score0.04022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/16 12:0 a.m.6 views

PT-2021-21067 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.1.2 Description: The issue affects the logging server in Apache Airflow, which has no authentication and allows reading log files of DAG jobs when remote logging is not used. This could potentially expose...

5.3CVSS5.6AI score0.04022EPSS
Exploits0References13
OSV
OSV
added 2021/05/19 2:15 p.m.4 views

CVE-2017-17675

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data...

5.3CVSS5.8AI score0.01147EPSS
Exploits0References4
CVE
CVE
added 2021/05/19 1:11 p.m.52 views

CVE-2017-17675

CVE-2017-17675 affects BMC Remedy Mid Tier 9.1SP3. The issue is log hijacking: remote logging can be accessed by unauthenticated users, enabling attackers to hijack system logs and potentially access usernames and HTTP data. The connected sources confirm affected product/version and the data expo...

5.3CVSS5.3AI score0.01147EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/05/19 1:11 p.m.31 views

CVE-2017-17675

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data...

5.4AI score0.01147EPSS
Exploits0References2
Rows per page
Query Builder