Lucene search

85 matches found

Vulnrichment
added 2024/10/02 4:55 p.m. · 11 views

CVE-2024-20491 Cisco Nexus Dashboard Insights Information Disclosure Vulnerability

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file...

CVSS 6.3 · AI score 6.5 · EPSS 0.00339
Exploits: 0 · References: 1
CVE
added 2024/10/02 4:55 p.m. · 45 views

CVE-2024-20490

The CVE-2024-20490 issue affects Cisco Nexus Dashboard Fabric Controller (NDFC) and Nexus Dashboard Orchestrator (NDO). Root cause: HTTP proxy credentials can be recorded in internal logs stored in tech support files, exposing admin credentials in clear text when those files are accessed. Impact:...

CVSS 8.6 · AI score 6.5 · EPSS 0.00339
Exploits: 0 · References: 1 · Affected Software: 3
OSV
added 2024/08/12 1:38 p.m. · 1 views

CVE-2024-7589

A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandbox...

CVSS 8.1 · AI score 7.8 · EPSS 0.63835
Exploits: 68 · References: 4
FreeBSD
added 2024/08/06 12:0 a.m. · 363 views

OpenSSH -- Pre-authentication async signal safety issue

The FreeBSD Project reports: A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s...

AI score 8.4
Exploits: 0 · References: 1
Tenable Nessus
added 2024/03/21 12:0 a.m. · 29 views

EulerOS Virtualization 2.11.1 : shim (EulerOS-SA-2024-1421)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tri...

CVSS 6.2 · AI score 6.8 · EPSS 0.00537
Exploits: 0 · References: 3
NVD
added 2024/01/29 5:15 p.m. · 18 views

CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 6.2 · AI score 6.8 · EPSS 0.00025
Exploits: 0 · References: 12
OSV
added 2024/01/29 5:15 p.m. · 21 views

CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 5.5 · AI score 6.6 · EPSS 0.00025
Exploits: 0 · References: 12
Prion
added 2024/01/29 5:15 p.m. · 17 views

Format string

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 1.7 · AI score 6.8 · EPSS 0.00025
Exploits: 0 · References: 2 · Affected Software: 3
CVE
added 2024/01/29 4:29 p.m. · 269 views

CVE-2023-40546

CVE-2023-40546 involves the shim/rhboot component. IBM and related advisories describe a vulnerability in the Shim boot path where a NULL pointer dereference can occur in the mirror_one_esl() function (mok.c), leading to a denial of service/crash when handling certain requests. The issue is discu...

CVSS 6.2 · AI score 6.2 · EPSS 0.00025
Exploits: 0 · References: 12 · Affected Software: 1
Cvelist
added 2024/01/29 4:29 p.m. · 22 views

CVE-2023-40546 Shim: out-of-bounds read printing error messages

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 6.2 · AI score 7 · EPSS 0.00025
Exploits: 0 · References: 11
Debian CVE
added 2024/01/29 4:29 p.m. · 38 views

CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 6.2 · AI score 6.8 · EPSS 0.00025
Exploits: 0
RedhatCVE
added 2024/01/25 5:18 p.m. · 39 views

CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 6.2 · AI score 6.4 · EPSS 0.00025
Exploits: 0 · References: 3
UbuntuCve
added 2024/01/23 12:0 a.m. · 41 views

CVE-2023-40546

A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a cras...

CVSS 6.2 · AI score 6.9 · EPSS 0.00025
Exploits: 0 · References: 2
CNVD
added 2024/01/05 12:0 a.m. · 3 views

WireMock Cross-Site Scripting Vulnerability

WireMock is a popular open source API simulation and testing tool. WireMock has a cross-site scripting vulnerability that stems from the logging function's lack of effective filtering and escaping of user-supplied data. An attacker can exploit the vulnerability by...

CVSS 6.1 · AI score 6.6 · EPSS 0.00452
Exploits: 1 · References: 1
Positive Technologies
added 2023/04/14 12:0 a.m. · 2 views

PT-2023-22422 · Totolink · Totolink X18

Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version 9.1.0cu.2024 B20220329 Description: The issue is related to multiple command injection vulnerabilities. These vulnerabilities can be exploited via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function...

CVSS 9.8 · AI score 9.8 · EPSS 0.14899
Exploits: 1 · References: 4
CVE
added 2022/09/28 3:25 a.m. · 43 views

CVE-2022-38699

Armoury Crate Service (ASUS Armoury Crate Service) is affected by a symbolic-link vulnerability in its logging function. The issue arises because the logging path validation does not detect if the log file is a symbolic link, enabling a physical attacker with general user privileges to modify the...

CVSS 5.9 · AI score 5.6 · EPSS 0.00119
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2021/04/14 3:15 p.m. · 9 views

Privilege escalation

An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions...

CVSS 4.4 · AI score 7.7 · EPSS 0.00046
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2021/04/14 2:56 p.m. · 9 views

CVE-2021-28098

An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions...

AI score 7.9 · EPSS 0.00046
Exploits: 1 · References: 3
CNNVD
added 2020/11/16 12:0 a.m. · 3 views

Gila CMS Code Issue Vulnerability

Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in Gila CMS 1.16.0. An attacker can exploit this vulnerability to upload a shell to the tmp directory, which can then be used to execute PHP files using .htaccess via the logging...

CVSS 7.2 · AI score 7.1 · EPSS 0.00451
Exploits: 1 · References: 2
CNVD
added 2017/07/27 12:0 a.m. · 1 views

Cisco Ultra Services Platform Information Disclosure Vulnerability

Cisco Ultra Services Platform is an intelligent online service delivery platform from the U.S. company Cisco. An information disclosure vulnerability exists in the Virtual Network Manager's VNFM logging function in Cisco Ultra Services Platform version 21.0.v0.65839, which stems from the...

CVSS 5.5 · AI score 5.9 · EPSS 0.00057
Exploits: 0 · References: 1