Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36567 | 2 Gin-gonic, Redhat | 3 Gin, Migration Toolkit Applications, Rhmt | 2024-08-04 | 7.5 High |
| Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. | ||||
| CVE-2020-25646 | 1 Ansible Collections Project | 1 Community.crypto | 2024-08-04 | 7.5 High |
| A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality | ||||
| CVE-2020-14332 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-08-04 | 5.5 Medium |
| A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-4072 | 1 Jhipster | 1 Generator-jhipster-kotlin | 2024-08-04 | 5.3 Medium |
| In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forge log entries. This is vulnerable to https://cwe.mitre.org/data/definitions/117.html This problem affects only application generated with jwt or session authentication. Applications using oauth are not vulnerable. This issue has been fixed in version 1.7.0. | ||||
| CVE-2021-43410 | 1 Apache | 1 Airavata Django Portal | 2024-08-04 | 5.3 Medium |
| Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170 | ||||
| CVE-2021-42250 | 1 Apache | 1 Superset | 2024-08-04 | 6.5 Medium |
| Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. | ||||
| CVE-2021-22096 | 4 Netapp, Oracle, Redhat and 1 more | 12 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 9 more | 2024-08-03 | 4.3 Medium |
| In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | ||||
| CVE-2022-32549 | 1 Apache | 2 Sling Api, Sling Commons Log | 2024-08-03 | 5.3 Medium |
| Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. | ||||
| CVE-2022-31684 | 2 Pivotal, Redhat | 3 Reactor Netty, Camel Spring Boot, Openshift Application Runtimes | 2024-08-03 | 4.3 Medium |
| Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. | ||||
| CVE-2022-22151 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-08-03 | 8.1 High |
| CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | ||||
| CVE-2022-1522 | 1 Cognex | 2 3d-a1000 Dimensioning System, 3d-a1000 Dimensioning System Firmware | 2024-08-03 | 5.3 Medium |
| The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-117: Improper Output Neutralization for Logs, which allows an attacker to create false logs that show the password as having been changed when it is not, complicating forensics. | ||||
| CVE-2023-46713 | 1 Fortinet | 1 Fortiweb | 2024-08-02 | 4.9 Medium |
| An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application. | ||||
| CVE-2023-39461 | 2024-08-02 | N/A | ||
| Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535. | ||||
| CVE-2023-38020 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-08-02 | 4.3 Medium |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576. | ||||
| CVE-2023-28952 | 2024-08-02 | 5.3 Medium | ||
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to injection attacks in application logging by not sanitizing user provided data. IBM X-Force ID: 251463. | ||||
| CVE-2023-28486 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-08-02 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in log messages. | ||||
| CVE-2023-28487 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-08-02 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in sudoreplay output. | ||||
| CVE-2023-20866 | 1 Vmware | 1 Spring Session | 2024-08-02 | 6.5 Medium |
| In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. | ||||
| CVE-2023-7234 | 1 Integrationobjects | 1 Opc Ua Server Toolkit | 2024-08-02 | 5.3 Medium |
| OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. | ||||
| CVE-2023-1711 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-02 | 4 Medium |
| A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman_un:R16A:*:*:*:*:*:*:* * * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy: unem :R16A:*:*:*:*:*:*:* | ||||