
1660 matches found

OSV
added 2025/03/24 7:15 a.m. · 2 views

CVE-2025-2688

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The atta...

5.3 CVSS · 4.8 AI score · 0.0046 EPSS
Exploits: 1 · References: 5

NVD
added 2025/03/24 7:15 a.m. · 12 views

CVE-2025-2688

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The atta...

5.3 CVSS · 0.0046 EPSS
Exploits: 1 · References: 5

Vulnrichment
added 2025/03/24 6:31 a.m. · 5 views

CVE-2025-2688 TOTOLINK A3000RU Syslog Configuration File ExportSyslog.sh access control

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The atta...

5.3 CVSS · 7 AI score · 0.0046 EPSS
Exploits: 1 · References: 5

Cvelist
added 2025/03/24 6:31 a.m. · 10 views

CVE-2025-2688 TOTOLINK A3000RU Syslog Configuration File ExportSyslog.sh access control

A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The atta...

5.3 CVSS · 0.0046 EPSS
Exploits: 1 · References: 5

CNNVD
added 2025/03/24 12:0 a.m. · 2 views

TOTOLINK A3000RU Security Vulnerability

The TOTOLINK A3000RU is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3000RU suffers from an Access Control Error vulnerability that originates from improper access control in the Syslog profile handling component in the file /cgi-bin/ExportSyslog.sh. No details of the...

5.3 CVSS · 6.8 AI score · 0.0046 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2025/03/17 12:0 a.m. · 3 views

PT-2025-12563 · Totolink · Totolink A3000Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3000RU versions up to 5.9c.5185 Description: A problematic issue was found in the Syslog Configuration File Handler component, specifically in the file /cgi-bin/ExportSyslog.sh. This issue leads to improper access controls. The atta...

5.3 CVSS · 4.3 AI score · 0.0046 EPSS
Exploits: 1 · References: 12

BDU FSTEC
added 2025/03/11 12:0 a.m. · 2 views

The vulnerability of the httpGetEnv() function in the microprogramming software of TP-Link’s wireless signal booster device TL-WA850RE allows a hacker to induce a service failure.

The vulnerability of the httpGetEnv function in the microprogramming software of TP-Link’s wireless signal booster device TL-WA850RE is related to the operation that goes beyond the buffer in memory when processing the end-point data/syslog.filter.json file with the type parameter. Exploiting thi...

6.8 CVSS · 6.8 AI score · 0.15807 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. · 1 views

SolarWinds Kiwi Syslog Server Installed (Windows)

Binary data solarwindskiwiwininstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1

CNNVD
added 2025/02/11 12:0 a.m. · 2 views

SolarWinds Kiwi Syslog Server NG Security Vulnerability

SolarWinds Kiwi Syslog Server NG is an application from SolarWinds USA. A security vulnerability exists in SolarWinds Kiwi Syslog Server NG versions prior to 1.3.1, which stems from the fact that sensitive data may be exposed to unprivileged users in configuration files...

4.6 CVSS · 6.6 AI score · 0.00155 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/02/10 12:0 a.m. · 13 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-42246)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42246 advisory. - In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of...

5.5 CVSS · 6.1 AI score · 0.00231 EPSS
Exploits: 0 · References: 2

CBLMariner
added 2025/02/05 10:13 p.m. · 22 views

CVE-2022-38725 affecting package syslog-ng for versions less than 4.3.1-2

CVE-2022-38725 affecting package syslog-ng for versions less than 4.3.1-2. A patched version of the package is available...

7.5 CVSS · 6.9 AI score · 0.02403 EPSS
Exploits: 0

RedhatCVE
added 2025/02/05 12:2 a.m. · 12 views

CVE-2024-4161

In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic received clear text. This could allow an unauthenticated, remote attacker to capture sensitive information...

8.6 CVSS · 7 AI score · 0.0047 EPSS
Exploits: 0

NVD
added 2025/01/19 11:15 a.m. · 8 views

CVE-2025-21643

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a biovec array. Currently, because of the async flag, this gets passed to netfs_extract_user_iter which throws a...

5.5 CVSS · 0.00209 EPSS
Exploits: 0 · References: 2

OSV
added 2025/01/14 7:18 p.m. · 13 views

BIT-PHP-MIN-2024-9026 PHP-FPM logs from children may be altered

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3 CVSS · 6 AI score · 0.00482 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2024/12/11 4:20 p.m. · 7 views

php: PHP-FPM Log Manipulation Vulnerability

A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...

3.3 CVSS · 5.6 AI score · 0.00482 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2024/12/11 4:20 p.m. · 2 views

php: PHP-FPM Log Manipulation Vulnerability

A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...

3.3 CVSS · 5.6 AI score · 0.00482 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2024/12/11 4:19 p.m. · 5 views

php: PHP-FPM Log Manipulation Vulnerability

A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...

3.3 CVSS · 5.6 AI score · 0.00482 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2024/12/11 4:16 p.m. · 5 views

php: PHP-FPM Log Manipulation Vulnerability

A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...

3.3 CVSS · 5.6 AI score · 0.00482 EPSS
Exploits: 1 · References: 5

AstraLinux
added 2024/11/23 3:4 a.m. · 2 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, and 8.3.* before 8.3.12, when using PHP-FPM SAPI and the option catch_workers_output is set to yes, it is possible to manipulate the log messages by removing up to 4 characters from the log messages. Additionally, if PHP-FPM is configured to us...

3.3 CVSS · 6.4 AI score · 0.00482 EPSS
Exploits: 1 · References: 3

Tenable Nessus
added 2024/11/14 12:0 a.m. · 5 views

Fedora 37 : rsyslog (2022-f2c4c83cc1)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-f2c4c83cc1 advisory. Automatic update for rsyslog-8.2204.0-1.fc37. Changelog Mon May 9 2022 Attila Lakatos - 8.2204.0-1 - rebase to 8.2204.0 resolves: rhbz1951970 - CVE-2022-2490...

8.1 CVSS · 6.8 AI score · 0.03553 EPSS
Exploits: 0 · References: 2