443 matches found
CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22...
GHSA-PPM5-JV84-2XG2 Aimeos HTML client may potentially reveal sensitive information in error log
Impact: Debug information can reveal sensitive information from environment variables in error log. Affected platform: Laravel environments with multi-vendor setups and admin access for the vendors...
Aimeos HTML client may potentially reveal sensitive information in error log
Impact: Debug information can reveal sensitive information from environment variables in error log. Affected platform: Laravel environments with multi-vendor setups and admin access for the vendors...
Aimeos HTML client may potentially reveal sensitive information in error log
Debug information can reveal sensitive information from environment variables in error log...
UBUNTU-CVE-2024-38552
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function. Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...
Sensitive Information Exposure
chainguard.dev/apko is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper redaction of sensitive information within error log output, where HTTP basic auth credentials from repository and keyring URLs are exposed, which allows an attacker with access to logs to...
CVE-2023-52785 scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR. If command timeout happens and cq complete IRQ is raised at the same time, ufshcd_mcq_abort clears lprb->cmd and a NULL pointer deref happens in the ISR. Error log:...
Sensitive Information Disclosure
Home Assistant is vulnerable to Sensitive Information Disclosure. The vulnerability is due to an unauthenticated attacker being able to read the application's error log via components/api.py...
RHEL 6 / 7 : rh-mariadb101-mariadb and rh-mariadb101-galera (RHSA-2018:0574)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0574 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation...
WordPress Error Log Viewer by BestWebSoft Plugin < 1.1.3 is vulnerable to Sensitive Data Exposure
Software: Error Log Viewer by BestWebSoft; Type: Plugin; Vulnerable versions: 1.1.3; Fixed in: 1.1.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-6821; Patch priority: Low; CVSS severity: Low 7.5; PSID: 5e5f4366a821; Credits: Dmitrii...
CVE-2023-6821
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization...
CVE-2023-6821 Error Log Viewer < 1.1.3 - Directory Listing to Sensitive Data Exposure
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization...
CVE-2023-6821
CVE-2023-6821 affects the WordPress plugin Error Log Viewer by BestWebSoft prior to version 1.1.3. It enables directory listing that allows unauthorized reading and downloading of PHP logs, exposing sensitive data. Public references (NVD/Red Hat/PatchStack) confirm the issue and indicate the fix ...
Error Log Leakage
fgr is vulnerable to Error Log Leakage. The vulnerability is due to insufficient sanitization of error messages or tracebacks within the code. The vulnerability allows an attacker with access to the log stream to expose potentially sensitive information through error messages or tracebacks...
WordPress Plugin Error Log Viewer by BestWebSoft Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
CVE-2024-27315 Apache Superset: Improper error handling on alerts
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert...
PT-2024-15099 · Bestwebsoft · Error Log Viewer
Name of the Vulnerable Software and Affected Versions: The Error Log Viewer by BestWebSoft WordPress plugin versions prior to 1.1.3 Description: The issue allows users to read and download PHP logs without authorization, potentially exposing sensitive data. This is a Directory Listing issue...