Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
project log vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any u...
Log4js Project Log4js
Debian Debian Linux 10.0
NA
CVE-2023-46446
An issue in AsyncSSH prior to 2.14.1 allows malicious users to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
Asyncssh Project Asyncssh
1 Github repository
1 Article
NA
CVE-2023-31439
An issue exists in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding ...
Systemd Project Systemd 253
1 Github repository
NA
CVE-2024-0987
A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may ...
Kuerp Project Kuerp
9
CVSSv2
CVE-2021-24453
The Include Me WordPress plugin up to and including 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore potentially a full compromise of the underlying structure
Include Me Project Include Me
5.5
CVSSv2
CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
Libcgroup Project Libcgroup
Debian Debian Linux 8.0
Fedoraproject Fedora 28
NA
CVE-2022-42237
A SQL Injection issue in Merchandise Online Store v.1.0 allows an malicious user to log in to the admin account.
Merchandise Online Store Project Merchandise Online Store 1.0
7.5
CVSSv2
CVE-2021-40323
Cobbler prior to 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Cobbler Project Cobbler
4.6
CVSSv2
CVE-2014-7271
Simple Desktop Display Manager (SDDM) prior to 0.10.0 allows local users to log in as user "sddm" without authentication.
Sddm Project Sddm
Fedoraproject Fedora 20
Fedoraproject Fedora 21
NA
CVE-2022-4066
A vulnerability was found in davidmoreno onion. It has been rated as problematic. Affected by this issue is the function onion_response_flush of the file src/onion/response.c of the component Log Handler. The manipulation leads to allocation of resources. The name of the patch is...
Mozilla Firefox -
Onion Project Onion
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »