276 matches found
WordPress All-in-One WP Migration and Backup plugin <= 7.86 - Unauthenticated Information Disclosure via Error Logs vulnerability
Unauthenticated Information Disclosure via Error Logs vulnerability discovered by villu164 in WordPress Plugin All-in-One WP Migration versions = 7.86...
CVE-2024-6846
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...
CVE-2024-6846 SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...
The vulnerability of the AssumeRoleWithWebIdentity request of the Security Token Service (AWS STS) – a single API for interacting with object storage services and local files in Apache Arrow Rust Object Store – allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the AssumeRoleWithWebIdentity request of the Security Token Service AWS STS – a single API for interacting with object storage services and local files – is related to insufficient protection of registration data. Exploiting this vulnerability allows an attacker to bypass...
Elastic APM Server 安全漏洞
Elastic APM Server is a lightweight Agent from the Dutch company Elastic. A security vulnerability exists in Elastic APM Server versions prior to 8.14.0, which stems from the server recording error logs that inadvertently record sensitive information, leading to a data leak...
Information Disclosure
aimeos/ai-client-html is vulnerable to Sensitive Information Exposure. The vulnerability is due to debug information revealing sensitive information from environment variables in error logs, allowing attackers to potentially access confidential data...
Aimeos Security Breach
Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. A security vulnerability exists in Aimeos ai-client-html, which stems from a debugging message displaying sensitive information from an environment variable in the error log...
Partial Password Leakage
ethyca-fides is vulnerable to Partial Password Leakage. The vulnerability is due to improper sanitization/redaction of the SQLAlchemy password string in error logs, which partially exposes the database password when special characters are used inside the password...
CVE-2024-34715
Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...
GHSA-8CM5-JFJ2-26Q7 Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...
CVE-2024-35942 pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mpblk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...
Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer
Description The Basic Log Viewer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'wpstlwviewer' function. This makes it possible for unauthenticated attackers to erase error logs...
APM Server 8.12.1 Security Update (ESA-2024-03)
APM Server Insertion of Sensitive Information into Log File ESA-2024-03 An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the...
Send Users Email < 1.4.4 - Sensitive Information Exposure via Error Logs
Description The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via the plugin's error logs. This makes it possible for unauthenticated attackers to extract sensitive data about the plugin and site configuration...
SUSE CVE-2023-46675
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
Authorization
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
CVE-2023-6687 Elastic Agent Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest,...
PT-2023-8930 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...
Sensitive Information Leak
kibana is vulnerable to Sensitive Information Leak. The vulnerability is due to sensitive information being recorded to logs in case of an error. The log can contain account credentials for the kibanasystem user, API Keys and credentials of kibana end users...