Lucene search
+L

148 matches found

Cvelist
Cvelist
added 2024/07/19 2:26 p.m.29 views

CVE-2024-0006 DB User Password Leak in Application Log

Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access...

5.4CVSS0.00266EPSS
Exploits0References3
CVE
CVE
added 2024/07/19 2:26 p.m.54 views

CVE-2024-0006

CVE-2024-0006 affects Yugabyte Platform’s logging system, where sensitive database credentials can be exposed in log files. The issue enables local attackers with access to application logs to obtain DB user credentials, potentially granting unauthorized database access. The available documents d...

5.4CVSS6.2AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 2024/06/12 5:15 p.m.50 views

CVE-2024-5908

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...

7.5CVSS0.00366EPSS
Exploits0References1
OSV
OSV
added 2024/06/12 5:15 p.m.6 views

CVE-2024-5908

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...

7.5CVSS7.1AI score0.00366EPSS
Exploits0References1
CVE
CVE
added 2024/06/12 4:28 p.m.100 views

CVE-2024-5908

CVE-2024-5908 affects the Palo Alto Networks GlobalProtect app. The issue allows exposure of encrypted user credentials (used to connect to GlobalProtect) through application logs. Affected component is the GlobalProtect client; root cause is credentials being written to or included in log files ...

7.5CVSS7.5AI score0.00366EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2024/06/12 4:0 p.m.24 views

GlobalProtect App: Encrypted Credential Exposure via Log Files

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting...

5.5CVSS6.3AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/12 12:0 a.m.5 views

Palo Alto Networks GlobalProtect Security Breach

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect, which arises from the fact that encrypted...

7.5CVSS6.7AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.6 views

PT-2024-4211 · Palo Alto Networks · Palo Alto Networks Globalprotect

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect App affected versions not specified Description: A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in applicati...

7.8CVSS6.7AI score0.00366EPSS
Exploits0References7
OSV
OSV
added 2024/05/02 9:16 p.m.3 views

CVE-2024-25047

IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956...

8.6CVSS5.8AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/03/27 3:0 p.m.50 views

Moderate: Red Hat Security Advisory: logging for Red Hat OpenShift security update

An update is now available for RHOL-5.8-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5CVSS6.7AI score0.01262EPSS
Exploits1References11
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.7 views

Sesami Cash Point & Transport Optimizer Security Vulnerability

Sesami Cash Point & Transport Optimizer is a solution from Sesami, Inc. A security vulnerability exists in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6, which stems from the presence of a stored cross-site scripting vulnerability. The vulnerability allows remote attackers to execu...

6.1CVSS6.8AI score0.00455EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/28 12:0 a.m.9 views

PT-2023-23288 · Unknown · Sesami Cash Point & Transport Optimizer

Name of the Vulnerable Software and Affected Versions: Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log. This is a...

6.1CVSS6.3AI score0.00455EPSS
Exploits0References4
NVD
NVD
added 2023/08/22 7:16 p.m.20 views

CVE-2023-38732

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289...

4.3CVSS4.2AI score0.00443EPSS
Exploits0References2
Prion
Prion
added 2023/08/22 7:16 p.m.19 views

Code injection

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289...

4CVSS4.1AI score0.00443EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/08/22 1:13 p.m.14 views

CVE-2023-38732 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289...

4.3CVSS5.8AI score0.00443EPSS
Exploits0References2
CVE
CVE
added 2023/08/22 1:13 p.m.57 views

CVE-2023-38732

IBM Robotic Process Automation 21.0.0–21.0.7 server is affected by an information-disclosure vulnerability where an authenticated user can view sensitive data in application logs. The issue is described across multiple sources (IBM X-Force ID 262289; RH and CNVD entries) but the provided document...

4.3CVSS4.2AI score0.00443EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/05/12 8:56 a.m.9 views

CVE-2023-2514 DB username/password revealed in application logs

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization...

6.7CVSS7AI score0.00547EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/12 8:56 a.m.30 views

CVE-2023-2514 DB username/password revealed in application logs

Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization...

6.7CVSS7.8AI score0.00547EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/04/13 9:30 p.m.30 views

Spring Session session ID can be logged to the standard output stream

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

6.5CVSS6.1AI score0.0066EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/04/13 8:15 p.m.32 views

CVE-2023-20866

In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...

6.5CVSS6.3AI score0.0066EPSS
Exploits0References1
Rows per page
Query Builder