Lucene search
+L

380 matches found

Vulnrichment
Vulnrichment
added 2024/06/26 5:6 p.m.13 views

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...

6.7AI score0.00439EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/26 5:6 p.m.39 views

CVE-2024-39458

When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...

0.00439EPSS
Exploits0References2
CVE
CVE
added 2024/06/26 5:6 p.m.301 views

CVE-2024-39458

The CVE affects Jenkins Structs Plugin (versions 337.v1b_04ea_4df7c8 and earlier). When failing to configure a build step, it logs a warning that may include secrets from step parameters in the default system log, risking accidental exposure. The issue is rooted in overly verbose diagnostic loggi...

3.1CVSS6.2AI score0.00439EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/06/21 12:0 a.m.5 views

TRENDnet TEW-814DAP Stack Buffer Overflow Vulnerability (CNVD-2025-17862)

The TRENDnet TEW-814DAP is a wireless access point from TRENDnet. The TRENDnet TEW-814DAP suffers from a stack buffer overflow vulnerability that stems from the submit-url parameter at /formSysLog failing to properly validate the length of the input data, which could be exploited by an attacker t...

8.8CVSS7.2AI score0.00683EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/06/18 12:0 a.m.7 views

PT-2024-4650 · Jenkins · Jenkins Structs Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Structs Plugin versions 337.v1b 04ea 4df7c8 and earlier Description: The issue is related to the accidental exposure of secrets through the default system log when the Jenkins Structs Plugin fails to configure a build step. This happe...

3.1CVSS6.8AI score0.00439EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2024/03/27 1:45 a.m.9 views

CVE-2024-1531

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file...

8.2CVSS6.7AI score0.00448EPSS
Exploits0References1
CVE
CVE
added 2024/03/27 1:45 a.m.54 views

CVE-2024-1531

CVE-2024-1531 affects Hitachi Energy RTU500 series CMU Firmware due to a flaw in the stb-language file handling. Affected firmware ranges include 12.0.1–12.0.14, 12.2.1–12.2.11, 12.4.1–12.4.11, 12.6.1–12.6.9, 12.7.1–12.7.6, 13.2.1–13.2.6, 13.4.1–13.4.4, and 13.5.1–13.5.3. The vulnerability could ...

8.2CVSS6.6AI score0.00448EPSS
Exploits0References1
OSV
OSV
added 2024/02/01 12:41 p.m.10 views

USN-6620-1 glibc vulnerabilities

It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges...

8.4CVSS7.2AI score0.04794EPSS
Exploits9References4
OSV
OSV
added 2024/01/31 12:0 a.m.5 views

UBUNTU-CVE-2023-6780

An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...

5.3CVSS7.3AI score0.04794EPSS
Exploits8References4
CNNVD
CNNVD
added 2024/01/22 12:0 a.m.5 views

Apple tvOS Security Breach

Apple tvOS is a smart TV operating system from Apple. A security vulnerability exists in Apple tvOS version 17.3, which stems from an application that may be able to view a user's phone number in the system log...

3.3CVSS6.5AI score0.00326EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/01/15 12:0 a.m.6 views

Tenda W9 安全漏洞

Tenda W9 is a wireless in-wall access point from Tenda, China. An out-of-bounds write vulnerability exists in Tenda W9 version 1.0.0.7, which is caused by a stack-based buffer overflow in the sysRulenEn parameter of the formAddSysLogRule function. An attacker can exploit this vulnerability to...

9.8CVSS7.7AI score0.01303EPSS
Exploits0References4
Veracode
Veracode
added 2024/01/10 5:59 a.m.20 views

Sensitive Information Disclosure

react-native-mmkv is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging the encryption key for the MMKV database into the Android system log. This issue can be exploited by an attacker via accessing to the Android Debugging Bridge resulting in sensitive informatio...

4.9CVSS6.2AI score0.0038EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/01/09 7:15 p.m.41 views

CVE-2024-21668

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

4.9CVSS4.5AI score0.0038EPSS
Exploits0References3
Prion
Prion
added 2024/01/09 7:15 p.m.16 views

Design/Logic Flaw

react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...

3.3CVSS6.6AI score0.0038EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/12/28 5:15 a.m.4 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...

7.8CVSS7.5AI score0.09123EPSS
Exploits4References4
CNNVD
CNNVD
added 2023/12/28 12:0 a.m.7 views

GL.iNet Multiple Products Operating System Command Injection Vulnerability

GL.iNet MT1300 and others are products of China's Guanglian Zhitong GL.iNet.GL.iNet MT1300 is a router.GL.iNet MT300N-V2 is a mini router.GL.iNet AR750S is a router. Operating system command injection vulnerability exists in several GL.iNet products. The vulnerability stems from the getsystemlog...

7.8CVSS7.9AI score0.09123EPSS
Exploits4References3
CNVD
CNVD
added 2023/12/21 12:0 a.m.29 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2024-0019535)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox versions prior to 121, which originated when GNOME disclosed browser tab titles to the system log, and can be exploited by attackers to...

6.5CVSS6.8AI score0.00646EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/11/01 4:48 p.m.44 views

CVE-2023-20155

A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...

7.5CVSS7.7AI score0.00669EPSS
Exploits0References1
Cisco
Cisco
added 2023/11/01 4:0 p.m.70 views

Cisco Firepower Management Center Software Log API Denial of Service Vulnerability

A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...

7.5CVSS6.7AI score0.00669EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.24 views

Jenkins lambdatest-automation Plugin may expose Credentials access token

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...

6.5CVSS7.1AI score0.00363EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder