
205 matches found

Prion
added 2023/12/31 12:15 a.m. · 19 views

Design/Logic Flaw

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...

CVSS 5 · AI score 7.2 · EPSS 0.0074
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2023/12/30 12:0 a.m. · 24 views

CVE-2023-52267

ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...

AI score 7.7 · EPSS 0.0074
Exploits 1 · References 2
Prion
added 2023/12/13 7:15 a.m. · 14 views

Code injection

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...

CVSS 4 · AI score 6.7 · EPSS 0.00656
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/13 7:2 a.m. · 28 views

CVE-2023-46675 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...

CVSS 8 · AI score 7.9 · EPSS 0.00608
Exploits 0 · References 1
CVE
added 2023/12/13 7:2 a.m. · 66 views

CVE-2023-46675

CVE-2023-46675 affects Elastic Kibana and describes an information-disclosure risk where sensitive data may be written to Kibana logs during errors or when debug logging is enabled. Affected ranges include Kibana 7.13.0–7.17.16 and 8.0.0–8.11.1. Log entries could contain credentials for kibana_sy...

CVSS 8 · AI score 7 · EPSS 0.00608
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2023/11/22 2:51 a.m. · 6 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure when logging details during an application error. An attacker can leak sensitive HTTP header information by triggering an application error. This is only exploitable if the headers are not sanitized before being sen...

CVSS 4.3 · AI score 6.6 · EPSS 0.00611
Exploits 0 · References 2
Positive Technologies
added 2023/11/22 12:0 a.m. · 6 views

PT-2023-12039 · Elastic · Apm .Net Agent

Name of the Vulnerable Software and Affected Versions: Elastic APM .NET Agent, affected versions not specified. Description: The issue concerns the Elastic APM .NET Agent leaking sensitive HTTP header information when logging application error details. Normally, the agent sanitizes sensitive HTTP...

CVSS 4.3 · AI score 4.3 · EPSS 0.00611
Exploits 0 · References 8
OSV
added 2023/11/02 2:15 p.m. · 4 views

CVE-2023-26454

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

CVSS 8.8 · AI score 5.8 · EPSS 0.00371
Exploits 0 · References 2
Prion
added 2023/11/02 2:15 p.m. · 19 views

Design/Logic Flaw

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

CVSS 5.8 · AI score 8.8 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/11/02 2:15 p.m. · 23 views

Design/Logic Flaw

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL...

CVSS 5.8 · AI score 8.8 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1
Prion
added 2023/11/02 2:15 p.m. · 17 views

Design/Logic Flaw

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be...

CVSS 5.8 · AI score 8.8 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/11/02 1:1 p.m. · 13 views

CVE-2023-26454

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

CVSS 7.6 · AI score 9 · EPSS 0.00371
Exploits 0 · References 2
CVE
added 2023/11/02 1:1 p.m. · 67 views

CVE-2023-26453

CVE-2023-26453 affects the Open-Xchange App Suite imageconverter service. The vulnerability allows SQL injection by crafting requests to cache an image, with arbitrary SQL statements executed in the context of the service database user. Exploitation requires access to adjacent networks of the ima...

CVSS 8.8 · AI score 8.7 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/11/02 1:1 p.m. · 15 views

CVE-2023-26453

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be...

CVSS 7.6 · AI score 9 · EPSS 0.00371
Exploits 0 · References 2
RedhatCVE
added 2023/10/30 5:57 a.m. · 73 views

CVE-2023-31422

A flaw was found by Elastic, where sensitive information is recorded in Kibana logs. This issue occurs in the event of an error when logging in to the JSON layout or when the pattern layout is configured to log the %meta pattern...

CVSS 7.5 · AI score 7.3 · EPSS 0.00656
Exploits 0 · References 4
SUSE CVE
added 2023/10/27 12:56 a.m. · 2 views

SUSE CVE-2023-31422

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

CVSS 9 · AI score 7 · EPSS 0.00656
Exploits 0 · References 3
Prion
added 2023/10/26 2:15 a.m. · 22 views

Design/Logic Flaw

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

CVSS 5 · AI score 7.5 · EPSS 0.00656
Exploits 0 · References 2 · Affected Software 1
CVE
added 2023/10/26 1:43 a.m. · 71 views

CVE-2023-31422

Elastic Kibana 8.10.0 is affected when logging in JSON layout or with %meta in a pattern layout, potentially writing sensitive data to logs (credentials, headers, query params, etc.). Upgrading to Kibana 8.10.1 resolves the issue; Elastic also provides mitigations and guidance for self-managed an...

CVSS 9 · AI score 7.7 · EPSS 0.00656
Exploits 0 · References 2 · Affected Software 1
Elastic
added 2023/09/18 5:53 p.m. · 7 views

Kibana 8.10.1 Security Update

Kibana Insertion of Sensitive Information into Log File (ESA-2023-17): An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is...

CVSS 9 · AI score 6.7 · EPSS 0.00656
Exploits 0
OSV
added 2023/06/21 11:19 a.m. · 9 views

SUSE-RU-2023:2566-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: branch-network-formula: - Update to version 0.1.1680167239.23f2fec Remove unnecessary import of 'salt.ext.six' cobbler: - Fix cobbler buildiso so that the artifact can be booted by EFI firmware. bsc1206060 - Switch packaging from patch based to Git tree bas...

CVSS 9.4 · AI score 7.2 · EPSS 0.00452
Exploits 0 · References 59