CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference

On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2...

N‑able N-Central 安全漏洞

N-able N-Central is a powerful, customizable remote monitoring and management platform from N-able. A security vulnerability exists in N-able N-Central versions prior to 2025.2 that originates from an authenticated user being able to read and write modify syslog configuration...

PT-2025-34268 · Solarwinds · N-Central

Name of the Vulnerable Software and Affected Versions: N-central versions prior to 2025.2 Description: An authenticated user can read, write, and modify syslog configurations across customers on an N-central server. Recommendations: Update to version 2025.2 or later...

BIT-LIBPHP-2024-9026 PHP-FPM logs from children may be altered

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an over-warning by the ath6kl wifi driver of incorrect firmware inputs, which could lead to syslog...

CVE-2025-54319

An issue was discovered in Westermo WeOS 5 5.24 through 5.24.4. A threat actor potentially can gain unauthorized access to sensitive information via system logging information syslog verbose logging that includes credentials...

CVE-2025-54319

Westermo WeOS versions 5.24–5.24.4 are affected by CVE-2025-54319 due to verbose syslog logging that can disclose credentials, enabling potential unauthorized access to sensitive information. Root cause: logging configuration exposes credentials in syslog. Affected software: Westermo WeOS 5.x (5....

PT-2025-30217 · Westermo · Westermo Weos

Name of the Vulnerable Software and Affected Versions: Westermo WeOS versions 5.24 through 5.24.4 Description: An issue was discovered that allows a threat actor to potentially gain unauthorized access to sensitive information via system logging information, specifically through verbose syslog...

Vulnerability fixed in Cisco Unified Communications Manager

Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...

CVE-2025-6148

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack...

Quantenna Communications Quantenna Wi-Fi chipset 安全漏洞

Quantenna Communications Quantenna Wi-Fi chipset is a WiFi chip from Quantenna Communications, USA. A security vulnerability exists in Quantenna Communications Quantenna Wi-Fi chipset version 8.0.0.28 and earlier, which originates from a command injection in the getsyslogfromqtn parameter in the...

VulnCheck KEV: CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password...

Debian: Security Advisory (DLA-4182-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4182-1] syslog-ng security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4182-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA May 28, 2025 https://wiki.debian.org/LTS -...

DLA-4182-1 syslog-ng - security update

Bulletin has no description...

Debian dla-4182 : syslog-ng - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4182 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4182-1 [email protected] https://www.debian.org/lts/security/...

Fedora: Security Advisory (FEDORA-2025-7f48333f3e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2025-0fc3d8b7bf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-7907

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.85220230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. T...

CVE-2023-28616

An issue was discovered in Stormshield Network Security SNS before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends...