Lucene search
K

227 matches found

ptsecurity
ptsecurity
added 2022/11/14 12:0 a.m.5 views

PT-2022-35647 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220 Description: The issue is related to an invalid address access when enabling SCAN log level in the brcmfmac wifi driver. The actual impact and attack plausibility have not yet been proven...

7.1AI score
Exploits0References1
redhat
redhat
added 2022/11/03 2:55 p.m.6 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.3AI score0.01183EPSS
Exploits0References4
redhat
redhat
added 2022/11/03 2:54 p.m.6 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.3AI score0.01183EPSS
Exploits0References4
osv
osv
added 2022/10/10 9:7 p.m.15 views

GHSA-4MJX-2GH5-PH8H Exposure of sensitive Slack webhook URLs in debug logs and traces

Impact Debug logs expose sensitive URLs for Slack webhooks that contain private information. Patches The problem is fixed in v1.3.2 which redacts sensitive URLs for webhooks. Workarounds Disabling/filtering debug logs in case you use Slack webhooks using tracing log level and filters. References...

7.5CVSS7.4AI score0.00663EPSS
Exploits0References7
redhat
redhat
added 2022/06/06 3:54 p.m.5 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.3AI score0.01183EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/03/13 12:0 a.m.13 views

OpenSSH 授权问题漏洞

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers from the Canadian OpenBSD Project Group. The tools are an open source implementation of the SSH protocol that supports encryption of all transmissions, effectively blocking eavesdropping, connection...

3.7CVSS7.1AI score0.01677EPSS
Exploits0References5
kitploit
kitploit
added 2021/12/26 8:30 p.m.40 views

SourceLeakHacker - A Multi Threads Web Application Source Leak Scanner

SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: 4 --timeout TIMEOUT HTTP request timeout...

7.3AI score
Exploits0References1
redhat
redhat
added 2021/12/13 3:29 p.m.4 views

kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9

A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. Previously, CVE-2019-11250 was assigned for the same issue for logging...

6.5CVSS6.6AI score0.01766EPSS
Exploits0References6
nessus
nessus
added 2021/10/27 12:0 a.m.42 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : samba Multiple Vulnerabilities (NS-SA-2021-0167)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has samba packages installed that are affected by multiple vulnerabilities: - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above...

10CVSS7.4AI score0.99512EPSS
Exploits75References9
ubuntucve
ubuntucve
added 2021/09/20 5:15 p.m.23 views

CVE-2020-8561

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1CVSS6.1AI score0.01953EPSS
Exploits0References2
osv
osv
added 2021/09/20 5:15 p.m.6 views

UBUNTU-CVE-2020-8561

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1CVSS6.6AI score0.01953EPSS
Exploits0References3
prion
prion
added 2021/09/20 5:15 p.m.14 views

Design/Logic Flaw

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4CVSS4.3AI score0.01953EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2021/09/20 5:5 p.m.29 views

CVE-2020-8561 Webhook redirect in kube-apiserver

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the lo...

4.1CVSS4.2AI score0.01953EPSS
Exploits0References4
redhat
redhat
added 2021/08/25 3:20 p.m.6 views

kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4

A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like...

5.5CVSS7.3AI score0.00461EPSS
Exploits0References6
nessus
nessus
added 2021/08/07 12:0 a.m.40 views

Debian DSA-4950-1 : ansible - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4950 advisory. Several vulnerabilities have been found in Ansible, a configuration management, deployment and task execution system, which could result in information disclosure...

7.9CVSS6.7AI score0.02043EPSS
Exploits6References39
nvd
nvd
added 2021/07/20 4:15 p.m.38 views

CVE-2021-32767

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3...

6.5CVSS0.00829EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/05/26 12:0 a.m.5 views

Versa Networks Versa Director 授权问题漏洞

Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. Versa Director suffers from an authorization issue vulnerability that originates from an unauthenticated...

5.3CVSS5.8AI score0.00742EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2021/03/30 12:0 a.m.5 views

The vulnerability of the Samba networking communication package lies in the reading of data beyond the allowed buffer size, allowing an attacker to cause a service failure.

The vulnerability of the Samba networking communication package is related to an error where “log level = 3” is displayed when the character conversion fails. This error results in a string from the user being printed. Exploiting this vulnerability can allow a remote attacker to cause service...

6.5CVSS6.7AI score0.03151EPSS
Exploits0References12Affected Software6
citrix
citrix
added 2021/03/10 12:0 a.m.11 views

EPA scan results are not getting displayed in ns.log when EPA policies are configured through N-Factor Authentication.

When EPA policies are configured through N-Factor Authentication, then EPA Scan results will not be displayed in the ns.log despite Debug log level is enabled...

7.1AI score
Exploits0
kitploit
kitploit
added 2021/02/28 11:30 a.m.199 views

Gargamel - A Forensic Evidence Acquirer

A Forensic Evidence Acquirer Compile Assuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release build type cargo build --release Debug build can be compiled using cargo build Compiled executable is located at target/release/gargamel.exe or...

7.7AI score
Exploits0References4
Rows per page
Query Builder