Lucene search

321 matches found

Amazon
added 2019/03/07 12:0 a.m. · 23 views

Medium: bind

Issue Overview: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikel...

7.5 CVSS · 6.2 AI score · 0.01301 EPSS
Exploits 0
0day.today
added 2019/03/06 12:0 a.m. · 79 views

Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit

Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. Th...

7.8 CVSS · 0.5 AI score · 0.00189 EPSS
Exploits 1
ATTACKERKB
added 2019/01/28 2:29 p.m. · 0 views

CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...

7.5 CVSS · 5.4 AI score · 0.00068 EPSS
Exploits 1 · References 9 · Affected Software 1
Prion
added 2019/01/28 2:29 p.m. · 17 views

Design/Logic Flaw

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...

5 CVSS · 7.3 AI score · 0.00068 EPSS
Exploits 1 · References 5 · Affected Software 1
OSV
added 2019/01/28 2:29 p.m. · 1 views

DEBIAN-CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...

7.5 CVSS · 6.7 AI score · 0.00068 EPSS
Exploits 1 · References 1
Cvelist
added 2019/01/28 2:0 p.m. · 20 views

CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...

5.5 CVSS · 6.7 AI score · 0.00068 EPSS
Exploits 1 · References 5
OSV
added 2019/01/28 12:0 a.m. · 0 views

UBUNTU-CVE-2018-16889

Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable...

7.5 CVSS · 6.7 AI score · 0.00068 EPSS
Exploits 1 · References 3
Positive Technologies
added 2019/01/28 12:0 a.m. · 1 views

PT-2019-9383 · Ceph +3

Name of the Vulnerable Software and Affected Versions: Ceph versions up to v13.2.4 Description: The issue is related to the improper sanitization of encryption keys in debug logging for v4 auth, resulting in the leaking of encryption key information in log files via plaintext. Recommendations: Fo...

7.5 CVSS · 5.9 AI score · 0.04603 EPSS
Exploits 1 · References 65
OSV
added 2018/12/07 4:29 p.m. · 2 views

DEBIAN-CVE-2018-19960

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname...

7 CVSS · 6.5 AI score · 0.00024 EPSS
Exploits 0 · References 1
OSV
added 2018/10/26 8:16 a.m. · 7 views

SUSE-SU-2018:3480-1 Security update for wpa_supplicant

This update for wpa_supplicant provides the following fixes: This security issue was fixed: - CVE-2018-14526: Under certain conditions, the integrity of EAPOL-Key messages was not checked, leading to a decryption oracle. An attacker within range of the Access Point and client could have abused the...

6.5 CVSS · 6.8 AI score · 0.01209 EPSS
Exploits 0 · References 8
RedHat Linux
added 2017/11/07 12:0 a.m. · 1 views

ovirt-engine: DEBUG logging includes unmasked passwords

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

7.2 CVSS · 6.7 AI score · 0.00344 EPSS
Exploits 0 · References 4
CVE
added 2017/10/19 8:0 a.m. · 71 views

CVE-2017-12289

CVE-2017-12289 affects Cisco IOS XE Software IPsec verbose/dependent logging. The issue lies in the conditional, verbose debug logging implementation, causing sensitive IPsec information to be written to the system log. An authenticated, local attacker with valid admin credentials could enable IP...

4.4 CVSS · 4.5 AI score · 0.00081 EPSS
Exploits 0 · References 3 · Affected Software 1
Cisco
added 2017/10/18 4:0 p.m. · 36 views

Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug...

4.4 CVSS · 4.4 AI score · 0.00081 EPSS
Exploits 0 · References 1
OSV
added 2017/08/02 9:29 p.m. · 0 views

CVE-2017-11387

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512...

7.5 CVSS · 5.8 AI score · 0.02088 EPSS
Exploits 0 · References 4
CNVD
added 2017/07/11 12:0 a.m. · 1 views

QEMU debug logging stack buffer overflow vulnerability

QEMU is open source emulator software. QEMU's usb-redirect support has a stack buffer overflow vulnerability in debug logging, which allows local attackers to crash a QEMU instance by submitting specially crafted requests...

5.5 CVSS · 7 AI score · 0.0005 EPSS
Exploits 0 · References 1
0day.today
added 2017/02/16 12:0 a.m. · 32 views

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission Vulnerability

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments passed contains...

7.2 CVSS · 0.3 AI score · 0.00289 EPSS
Exploits 1
Exploit DB
added 2017/02/15 12:0 a.m. · 23 views

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments passed contains vendor specific data from the user mode driver. The...

7.4 AI score
Exploits 0
exploitpack
added 2017/02/15 12:0 a.m. · 6 views

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission

NVIDIA Driver 375.70 - Buffer Overflow in Command Buffer Submission Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1012 DxgkDdiSubmitCommandVirtual is the function implemented by the kernel mode driver responsible for submitting a command buffer to the GPU. One of the arguments...

0.7 AI score
Exploits 0
Citrix
added 2017/01/03 12:0 a.m. · 3 views

How to Enable Debug Logging on Workspace Environment Management Agent manually, if no connectivity to Broker exists

The Workstation Environment Management Agent and related service feature an optional debug level of logging. This additional level of logging is significantly more verbose than the standard logging levels and is disabled by default and only enabled to troubleshoot specific issues. Under normal...

7.1 AI score
Exploits 0
Citrix
added 2016/08/17 12:0 a.m. · 6 views

How to debug Citrix Gateway connector logs (XNC)

In order to determine an issue with Citrix Gateway connector formerly known as XNC, we would need to enable debug logging...

7 AI score
Exploits 0