Lucene search
K

276 matches found

Patchstack
Patchstack
added 2024/10/21 7:15 p.m.6 views

WordPress All-in-One WP Migration and Backup plugin <= 7.86 - Unauthenticated Information Disclosure via Error Logs vulnerability

Unauthenticated Information Disclosure via Error Logs vulnerability discovered by villu164 in WordPress Plugin All-in-One WP Migration versions = 7.86...

5.3CVSS6.6AI score0.01175EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/09/05 6:15 a.m.20 views

CVE-2024-6846

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...

5.3CVSS0.01263EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/05 6:0 a.m.14 views

CVE-2024-6846 SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge

The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs...

7AI score0.01263EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/08/07 12:0 a.m.7 views

The vulnerability of the AssumeRoleWithWebIdentity request of the Security Token Service (AWS STS) – a single API for interacting with object storage services and local files in Apache Arrow Rust Object Store – allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the AssumeRoleWithWebIdentity request of the Security Token Service AWS STS – a single API for interacting with object storage services and local files – is related to insufficient protection of registration data. Exploiting this vulnerability allows an attacker to bypass...

7.8CVSS5.4AI score0.0071EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2024/08/03 12:0 a.m.6 views

Elastic APM Server 安全漏洞

Elastic APM Server is a lightweight Agent from the Dutch company Elastic. A security vulnerability exists in Elastic APM Server versions prior to 8.14.0, which stems from the server recording error logs that inadvertently record sensitive information, leading to a data leak...

6.5CVSS5.6AI score0.00437EPSS
Exploits0References2
Veracode
Veracode
added 2024/06/26 7:13 a.m.15 views

Information Disclosure

aimeos/ai-client-html is vulnerable to Sensitive Information Exposure. The vulnerability is due to debug information revealing sensitive information from environment variables in error logs, allowing attackers to potentially access confidential data...

8.8CVSS6.2AI score0.0051EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/06/25 12:0 a.m.5 views

Aimeos Security Breach

Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. A security vulnerability exists in Aimeos ai-client-html, which stems from a debugging message displaying sensitive information from an environment variable in the error log...

8.8CVSS6.5AI score0.0051EPSS
Exploits0References2
Veracode
Veracode
added 2024/05/30 6:18 a.m.17 views

Partial Password Leakage

ethyca-fides is vulnerable to Partial Password Leakage. The vulnerability is due to improper sanitization/redaction of the SQLAlchemy password string in error logs, which partially exposes the database password when special characters are used inside the password...

2.3CVSS7.2AI score0.00275EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/05/29 5:16 p.m.40 views

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver...

3.3CVSS3.5AI score0.00275EPSS
Exploits1References4
OSV
OSV
added 2024/05/29 3:25 p.m.26 views

GHSA-8CM5-JFJ2-26Q7 Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

2.3CVSS3.5AI score0.00275EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2024/05/29 3:25 p.m.53 views

Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as @ and $, webserver startup fails and the part of the password following the...

3.3CVSS7.2AI score0.00275EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2024/05/19 10:10 a.m.31 views

CVE-2024-35942 pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mpblk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is...

6.5AI score0.0021EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/02/12 12:0 a.m.16 views

Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer

Description The Basic Log Viewer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'wpstlwviewer' function. This makes it possible for unauthenticated attackers to erase error logs...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References1
Elastic
Elastic
added 2024/02/06 10:35 p.m.9 views

APM Server 8.12.1 Security Update (ESA-2024-03)

APM Server Insertion of Sensitive Information into Log File ESA-2024-03 An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the...

7.5CVSS6.6AI score0.00577EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.16 views

Send Users Email < 1.4.4 - Sensitive Information Exposure via Error Logs

Description The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via the plugin's error logs. This makes it possible for unauthenticated attackers to extract sensitive data about the plugin and site configuration...

5.3CVSS6.8AI score0.00435EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/12/14 1:13 a.m.5 views

SUSE CVE-2023-46675

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...

8CVSS6.4AI score0.00608EPSS
Exploits0References3
Prion
Prion
added 2023/12/13 7:15 a.m.20 views

Authorization

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...

4CVSS6.6AI score0.00608EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/12/12 6:28 p.m.4 views

CVE-2023-6687 Elastic Agent Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest,...

6.8CVSS6.7AI score0.00589EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.4 views

PT-2023-8930 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.11.2 Description: An issue was discovered whereby sensitive information may be recorded in Kibana logs in the event of an error or when debug level logging is enabled. The messages recorded in the log may contain...

8CVSS6.4AI score0.00608EPSS
Exploits0References10
Veracode
Veracode
added 2023/11/30 12:45 p.m.15 views

Sensitive Information Leak

kibana is vulnerable to Sensitive Information Leak. The vulnerability is due to sensitive information being recorded to logs in case of an error. The log can contain account credentials for the kibanasystem user, API Keys and credentials of kibana end users...

8CVSS6.7AI score0.00656EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder