Exploit for Use of Externally-Controlled Format String in Asus Rt-Ac86U_Firmware

CVE-2023-35086-POC July 25 2023, Altin tin-z, github.com/t...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2.6)

The version of AOS installed on the remote host is prior to 6.6.2.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2.6 advisory. - Integer underflow in grubnetrecvip4packets; A malicious crafted IP packet can lead to an integer underflow in...

CVE-2023-36924

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

CVE-2023-36924

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

Design/Logic Flaw

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

CVE-2023-36924

CVE-2023-36924 affects SAP ERP Defense Forces and Public Security, versions 600–807. The root cause is improper handling of log output allowing an authenticated admin to write arbitrary data to the syslog file, potentially altering all syslog data and compromising application integrity. Affected ...

CVE-2023-36924 Log Injection vulnerability in SAP ERP Defense Forces and Public Security

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

CVE-2023-36924 Log Injection vulnerability in SAP ERP Defense Forces and Public Security

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could...

PT-2023-4139 · Sap · Sap Erp Defense Forces/Public Security

Name of the Vulnerable Software and Affected Versions: SAP ERP Defense Forces and Public Security versions 600 through 807 Description: The issue is related to improper handling of log output, which can be exploited by a remote attacker to overwrite arbitrary files. When using a specific function...

Password Disclosure

cloudfoundry is vulnerable to Password Disclosure. The vulnerability exists when kernel audit logging is enabled, which logs every command run on a VM, causing authentication commands of the form cf auth --client-credentials USERNAME PASSWORD to be logged in plaintext to syslog, allowing an...

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...

Cloud Foundry CAPI 信任管理问题漏洞

Cloud Foundry CAPI is a cloud controller from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry CAPI versions 1.140 through 1.152.0, Loggregator-agent v7+, and CF Deployment versions 24.7.0 through 29.0.0, which originates in Cloud foundry instanc...

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...

PT-2023-17685 · Unknown · Loggregator-Agent +1

Name of the Vulnerable Software and Affected Versions: Cloud Foundry versions 1.140 through 1.152.0 loggregator-agent version 7 and later Description: The issue allows users to override other users' syslog drain credentials if they are aware of the client certificate used for that syslog drain...

CVE-2023-20881: CAs for syslog-drain mtls feature can be overwritten | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Description Users on cf may override other users syslog drain credentials if they’re aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and...

Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2023-1692)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.0 : rsyslog (EulerOS-SA-2023-1692)

According to the versions of the rsyslog packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when...

Unable to filter Instance Syslog messages over 1 Month in ADM

Customer wanted to audit NetScaler historical instance syslog in ADM, however could only obtain data within 1 Month in GUI page. ADM instance syslog data pruning is configured with 90 days, there should have data age greater than 1 Month. P.S.data pruning configure...