CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

Information disclosure

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

CVE-2018-21074

CVE-2018-21074 affects Samsung mobile devices running M(6.x) software on Exynos or Qualcomm chipsets. The issue is information disclosure from a Trustlet via the debug log. The available documents do not specify affected device models, versions, or the exact root cause details beyond the trustlet...

GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...

CVE-2020-5262

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

PYSEC-2020-268

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

Information disclosure

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

PYSEC-2020-41

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

Code injection

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVE-2018-20586

Removed by vendor...

CVE-2018-20586

CVE-2018-20586 affects bitcoind and Bitcoin-Qt prior to 0.17.1, where an RPC call can inject arbitrary data into the debug log. Affected component: Bitcoin Core’s RPC/debug logging. Root cause: ability to write arbitrary data via RPC into logs. Impact: log contents could be polluted with attacker...

Denial Of Service (DoS)

github.com/gambol99/go-marathon is vulnerable to denial of service DoS attacks. The vulnerability is possible due to the nil panic occurrence in the function 'NewClient' in client.go when accessing an empty debug log allowing an attacker to cause an application crash...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

openSUSE Security Update : cacti / cacti-spine (openSUSE-2020-272)

This update for cacti, cacti-spine fixes the following issues : cacti-spine was updated to version 1.2.9. Security issues fixed : - CVE-2009-4112: Fixed a privilege escalation bsc1122535. - CVE-2018-20723: Fixed a cross-site scripting XSS vulnerability bsc1122245. - CVE-2018-20724: Fixed a...

DEBIAN-CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution by privileged users via shell metacharacters in the Performance Boost Debug Log field of pollerautomation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance...