148 matches found
CVE-2024-0006 DB User Password Leak in Application Log
Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...
CVE-2024-0006
CVE-2024-0006 affects Yugabyte Platform’s logging system, where sensitive database credentials can be exposed in log files. The issue enables local attackers with access to application logs to obtain DB user credentials, potentially granting unauthorized database access. The available documents d...
CVE-2024-5908
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...
CVE-2024-5908
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...
CVE-2024-5908
CVE-2024-5908 affects the Palo Alto Networks GlobalProtect app. The issue allows exposure of encrypted user credentials (used to connect to GlobalProtect) through application logs. Affected component is the GlobalProtect client; root cause is credentials being written to or included in log files ...
GlobalProtect App: Encrypted Credential Exposure via Log Files
A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...
Palo Alto Networks GlobalProtect Security Breach
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect, which arises from the fact that encrypted...
PT-2024-4211 · Palo Alto Networks · Palo Alto Networks Globalprotect
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect App affected versions not specified Description: A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in applicati...
CVE-2024-25047
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956...
Moderate: Red Hat Security Advisory: logging for Red Hat OpenShift security update
An update is now available for RHOL-5.8-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Sesami Cash Point & Transport Optimizer Security Vulnerability
Sesami Cash Point & Transport Optimizer is a solution from Sesami, Inc. A security vulnerability exists in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6, which stems from the presence of a stored cross-site scripting vulnerability. The vulnerability allows remote attackers to execu...
PT-2023-23288 · Unknown · Sesami Cash Point & Transport Optimizer
Name of the Vulnerable Software and Affected Versions: Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. This is a...
CVE-2023-38732
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289...
Code injection
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289...
CVE-2023-38732 IBM Robotic Process Automation information disclosure
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289...
CVE-2023-38732
IBM Robotic Process Automation 21.0.0–21.0.7 server is affected by an information-disclosure vulnerability where an authenticated user can view sensitive data in application logs. The issue is described across multiple sources (IBM X-Force ID 262289; RH and CNVD entries) but the provided document...
CVE-2023-2514 DB username/password revealed in application logs
Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization...
CVE-2023-2514 DB username/password revealed in application logs
Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization...
Spring Session session ID can be logged to the standard output stream
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...