EUVD-2005-4531

Malware in sbrugna...

GHSA-472F-VMF2-PR3H Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function

Impact Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instancelogs.go in the LXD 5.0 LTS series. This vulnerability was fixed in PR 15022 in February 2025, and is fixed in at least LX...

SUSE CVE-2022-48257

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp...

GLSA-201203-20 : Logwatch: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201203-20 Logwatch: Arbitrary code execution logwatch.pl does not properly sanitize log filenames against shell metacharacters before passing them to the 'system' function. Impact : A remote attacker could pass a specially crafted...

Logwatch: Arbitrary code execution

Background Logwatch analyzes and reports on system logs. Description logwatch.pl does not properly sanitize log filenames against shell metacharacters before passing them to the "system" function. Impact A remote attacker could pass a specially crafted log filename to Logwatch, possibly resulting...

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : logrotate vulnerabilities (USN-1172-1)

It was discovered that logrotate incorrectly handled the creation of new log files. Local users could possibly read log files if they were opened before permissions were in place. This issue only affected Ubuntu 8.04 LTS. CVE-2011-1098 It was discovered that logrotate incorrectly handled certain...

logrotate: DoS due improper escaping of file names within 'write state' action

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service rotation outage via a 1 \n newline or 2 \ backslash character in a log filename, as demonstrated by a filename that is automatically constructed on the basis ...

logrotate: Shell command injection by using the shred configuration directive

The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...

CVE-2011-1154

The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...

CVE-2011-1155

The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service rotation outage via a 1 \n newline or 2 \ backslash character in a log filename, as demonstrated by a filename that is automatically constructed on the basis ...

CVE-2005-4536

Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the PID-audit.log temporary file...

CVE-2005-4536

Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the PID-audit.log temporary file...