16 matches found
OliveTin's email argument makes compliance harder, enables log injection
Summary The typeSafetyCheckEmail function in service/internal/executor/arguments.go calls log.Errorf on every invocation including when validation succeeds err == nil. This means every email address submitted by any user is written to the application's ERROR-level log unconditionally. Because the...
GHSA-XX6G-43W2-9G6G OliveTin's email argument makes compliance harder, enables log injection
Summary The typeSafetyCheckEmail function in service/internal/executor/arguments.go calls log.Errorf on every invocation including when validation succeeds err == nil. This means every email address submitted by any user is written to the application's ERROR-level log unconditionally. Because the...
ProLion CryptoSpike Security Vulnerability
ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that originates from the insertion of sensitive information in a centralized Grafana logging system...
Graylog 数据伪造问题漏洞
Graylog is a centralized log management solution from Graylog USA. The product supports capturing, storing, and analyzing logs in real time, among other things. Graylog suffers from a data forgery issue vulnerability that stems from vulnerability to DNS cache poisoning attacks...
CVE-2023-22733
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issu...
CVE-2023-22733 Improper Output Neutralization in Log Module in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issu...
MAL-2022-1192 Malicious code in aws-centralized-logging (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5845c75da441cd748a399b12e5782955af2a324bbfa02ad3f3f2cf7c0a467fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aws-centralized-logging (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b5845c75da441cd748a399b12e5782955af2a324bbfa02ad3f3f2cf7c0a467fe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment
In recent days, the cybersecurity industry has been rapidly assessing the full impact of the Log4Shell CVE-2021-44228 and CVE-2021-45046 vulnerability. Many organizations are quickly trying to figure out whether this vulnerability is within their environment, and where. The next question a securi...
SAMHAIN v3.1.2 - File Integrity Checker / Host-Based Intrusion Detection System
The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...
[SAMHAIN v3.0.11 & BELTANE v2.4.6] Host-based intrusion detection system (HIDS)
The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...
Bluetooth scanner: Bluelog
Bluelog is a Linux Bluetooth scanner written to do a single task, log devices that are in discoverable mode. It is intended to be used as a site survey tool, determining how many discoverable Bluetooth devices there are in the area. It has also proven to be very well suited to Bluetooth traffic...
SAMHAIN v2.8.5 - intrusion detection system
SAMHAIN v2.8.5 - intrusion detection system The samhain open source host-based intrusion detection system HIDS provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been...
SAMHAIN v2.8.5 - intrusion detection system
SAMHAIN v2.8.5 - intrusion detection system The samhain open source host-based intrusion detection system HIDS provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been...
[SECURITY] Fedora 10 Update: prelude-manager-0.9.14.2-2.fc10
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server which handles connections from the Prelude sensors. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any...
[SECURITY] Fedora 9 Update: prelude-manager-0.9.14.2-2.fc9
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server which handles connections from the Prelude sensors. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any...