380 matches found
CVE-2024-39458
When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...
CVE-2024-39458
When Jenkins Structs Plugin 337.v1b04ea4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system log...
CVE-2024-39458
The CVE affects Jenkins Structs Plugin (versions 337.v1b_04ea_4df7c8 and earlier). When failing to configure a build step, it logs a warning that may include secrets from step parameters in the default system log, risking accidental exposure. The issue is rooted in overly verbose diagnostic loggi...
TRENDnet TEW-814DAP Stack Buffer Overflow Vulnerability (CNVD-2025-17862)
The TRENDnet TEW-814DAP is a wireless access point from TRENDnet. The TRENDnet TEW-814DAP suffers from a stack buffer overflow vulnerability that stems from the submit-url parameter at /formSysLog failing to properly validate the length of the input data, which could be exploited by an attacker t...
PT-2024-4650 · Jenkins · Jenkins Structs Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Structs Plugin versions 337.v1b 04ea 4df7c8 and earlier Description: The issue is related to the accidental exposure of secrets through the default system log when the Jenkins Structs Plugin fails to configure a build step. This happe...
CVE-2024-1531
A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file...
CVE-2024-1531
CVE-2024-1531 affects Hitachi Energy RTU500 series CMU Firmware due to a flaw in the stb-language file handling. Affected firmware ranges include 12.0.1–12.0.14, 12.2.1–12.2.11, 12.4.1–12.4.11, 12.6.1–12.6.9, 12.7.1–12.7.6, 13.2.1–13.2.6, 13.4.1–13.4.4, and 13.5.1–13.5.3. The vulnerability could ...
USN-6620-1 glibc vulnerabilities
It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges...
UBUNTU-CVE-2023-6780
An integer overflow was found in the vsysloginternal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message,...
Apple tvOS Security Breach
Apple tvOS is a smart TV operating system from Apple. A security vulnerability exists in Apple tvOS version 17.3, which stems from an application that may be able to view a user's phone number in the system log...
Tenda W9 安全漏洞
Tenda W9 is a wireless in-wall access point from Tenda, China. An out-of-bounds write vulnerability exists in Tenda W9 version 1.0.0.7, which is caused by a stack-based buffer overflow in the sysRulenEn parameter of the formAddSysLogRule function. An attacker can exploit this vulnerability to...
Sensitive Information Disclosure
react-native-mmkv is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging the encryption key for the MMKV database into the Android system log. This issue can be exploited by an attacker via accessing to the Android Debugging Bridge resulting in sensitive informatio...
CVE-2024-21668
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
Design/Logic Flaw
react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging...
CVE-2023-50445
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the getsystemlog and...
GL.iNet Multiple Products Operating System Command Injection Vulnerability
GL.iNet MT1300 and others are products of China's Guanglian Zhitong GL.iNet.GL.iNet MT1300 is a router.GL.iNet MT300N-V2 is a mini router.GL.iNet AR750S is a router. Operating system command injection vulnerability exists in several GL.iNet products. The vulnerability stems from the getsystemlog...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2024-0019535)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. An information disclosure vulnerability exists in Mozilla Firefox versions prior to 121, which originated when GNOME disclosed browser tab titles to the system log, and can be exploited by attackers to...
CVE-2023-20155
A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...
Cisco Firepower Management Center Software Log API Denial of Service Vulnerability
A vulnerability in a logging API in Cisco Firepower Management Center FMC Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not...
Jenkins lambdatest-automation Plugin may expose Credentials access token
Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...