23 matches found
EUVD-2023-12633
Malicious code in bioql PyPI...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Log Forging CVE-2024-35150. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35150 DESCRIPTION: IBM Maximo Application Suite - Monitor Component does not...
CVE-2024-23194
Improper output Neutralization for Logs CWE-117 in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 MR1...
IBM Corporation AIX errlog() Log Injection Vulnerability
Talos Vulnerability Report TALOS-2023-1690 IBM Corporation AIX errlog Log Injection Vulnerability April 24, 2023 CVE Number None,CVE-2023-26286 SUMMARY An OS command injection vulnerability exists in the errlog syscall functionality of IBM Corporation AIX 7.2. A specially crafted syscall can lead...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
Input validation
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
CVE-2023-0595
A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port default 443. Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert...
CVE-2023-0595
CVE-2023-0595 describes CWE-117: Improper Output Neutralization for Logs. Affects EcoStruxure Geo SCADA Expert (2019–2021, all versions prior to October 2022) and ClearSCADA (all versions prior to October 2022). The issue involves misinterpretation of log files caused by malicious packets sent to...
CVE-2022-1522
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
Input validation
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics...
CVE-2022-1522
CVE-2022-1522 affects Cognex 3D-A1000 Dimensioning System firmware 1.0.3 (3354) and earlier. The vulnerability is CWE-117: Improper Output Neutralization for Logs, enabling an attacker to forge log entries that falsely indicate a password change, complicating forensics. Connected advisories confi...
GitHub Security Lab: [Python]: CWE-117 Log Injection
This bug was reported directly to GitHub Security Lab...
GitHub Security Lab: [javascript] CWE-117: CodeQL query to detect Log Injection
This bug was reported directly to GitHub Security Lab...
CVE-2020-4072
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...
CVE-2020-4072
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...
Authentication flaw
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...
CVE-2020-4072
CVE-2020-4072 affects generator-jhipster-kotlin 1.6.0. It allows log forging by creating log entries for invalid password reset attempts using a user-provided email; the issue arises in applications generated with JWT or session authentication (OAuth apps are not affected). The root cause is logg...
CVE-2020-4072 Log Forging in generator-jhipster-kotlin
In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem...