227 matches found
PT-2022-35647 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: The issue is related to an invalid address access when enabling SCAN log level in the brcmfmac wifi driver. The actual impact and attack plausibility have not yet been proven...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
GHSA-4MJX-2GH5-PH8H Exposure of sensitive Slack webhook URLs in debug logs and traces
Impact Debug logs expose sensitive URLs for Slack webhooks that contain private information. Patches The problem is fixed in v1.3.2 which redacts sensitive URLs for webhooks. Workarounds Disabling/filtering debug logs in case you use Slack webhooks using tracing log level and filters. References...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
OpenSSH 授权问题漏洞
OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers from the Canadian OpenBSD Project Group. The tools are an open source implementation of the SSH protocol that supports encryption of all transmissions, effectively blocking eavesdropping, connection...
SourceLeakHacker - A Multi Threads Web Application Source Leak Scanner
SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: 4 --timeout TIMEOUT HTTP request timeout...
kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9
A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. Previously, CVE-2019-11250 was assigned for the same issue for logging...
NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2021-0167)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above...
CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
UBUNTU-CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
Design/Logic Flaw
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
CVE-2020-8561 Webhook redirect in kube-apiserver
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...
kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4
A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like...
Debian DSA-4950-1 : ansible - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4950 advisory. Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure...
CVE-2021-32767
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3...
Versa Networks Versa Director 授权问题漏洞
Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. Versa Director suffers from an authorization issue vulnerability that originates from an unauthenticated...
The vulnerability of the Samba networking communication package lies in the reading of data beyond the allowed buffer size, allowing an attacker to cause a service failure.
The vulnerability of the Samba networking communication package is related to an error where “log level = 3” is displayed when the character conversion fails. This error results in a string from the user being printed. Exploiting this vulnerability can allow a remote attacker to cause service...
EPA scan results are not getting displayed in ns.log when EPA policies are configured through N-Factor Authentication.
When EPA policies are configured through N-Factor Authentication, then EPA Scan results will not be displayed in the ns.log despite Debug log level is enabled...
Gargamel - A Forensic Evidence Acquirer
A Forensic Evidence Acquirer Compile Assuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release build type cargo build --release Debug build can be compiled using cargo build Compiled executable is located at target/release/gargamel.exe or...