CVE-2020-13881

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

CVE-2019-10213

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator b...

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

Information disclosure

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

CVE-2018-21074

CVE-2018-21074 affects Samsung mobile devices running M(6.x) software on Exynos or Qualcomm chipsets. The issue is information disclosure from a Trustlet via the debug log. The available documents do not specify affected device models, versions, or the exact root cause details beyond the trustlet...

CVE-2018-21074

An issue was discovered on Samsung mobile devices with M6.x Exynos or Qualcomm chipsets software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 April 2018...

GStreamer gst-rtsp-server GstRTSPAuth Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this...

CVE-2020-5262

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

PYSEC-2020-268

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

Information disclosure

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

PYSEC-2020-41

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

Code injection

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVE-2018-20586

Removed by vendor...

CVE-2018-20586

CVE-2018-20586 affects bitcoind and Bitcoin-Qt prior to 0.17.1, where an RPC call can inject arbitrary data into the debug log. Affected component: Bitcoin Core’s RPC/debug logging. Root cause: ability to write arbitrary data via RPC into logs. Impact: log contents could be polluted with attacker...

Denial Of Service (DoS)

github.com/gambol99/go-marathon is vulnerable to denial of service DoS attacks. The vulnerability is possible due to the nil panic occurrence in the function 'NewClient' in client.go when accessing an empty debug log allowing an attacker to cause an application crash...

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...