333 matches found
CVE-2025-27496 Snowflake JDBC Driver client-side encryption key in DEBUG logs
Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...
Snowflake JDBC Driver client-side encryption key in DEBUG logs
Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC driver “Driver”. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not...
Linux Distros Unpatched Vulnerability : CVE-2017-15113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level...
CVE-2025-1053 Brocade SANnav encryption key is logged in the debug logs
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANna...
CVE-2025-1053 Brocade SANnav encryption key is logged in the debug logs
Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANna...
Brocade SANnav encryption key is logged in the debug logs (CVE-2025-1053)
Under certain error conditions at time of Brocade SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Broca...
CVE-2022-39292
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...
CVE-2025-24034
CVE-2025-24034 (Himmelblau) affects Himmelblau, an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.7.0 and older than 0.7.15 and older than 0.8.3, debug logging can leak credentials: user access tokens and Kerberos TGTs may be written to logs when debug is enabled. A...
Remote File Orchestrator Extension 安全漏洞
Remote File Orchestrator Extension is an open source remote file orchestrator extension for Keyfactor. It is used to remotely manage various file-based certificate stores and can be easily extended to manage other certificate stores. A security vulnerability exists in Remote File Orchestrator...
CVE-2022-43937
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a...
NetworkManager: Denial of Service
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service...
OESA-2024-2291 NetworkManager security update
NetworkManager attempts to keep an active network connection available at all times. The point of NetworkManager is to make networking configuration and setup as painless and automatic as possible. If using DHCP, NetworkManager is intended to replace default routes, obtain IP addresses from a DHC...
CVE-2024-20490 Cisco Nexus Dashboard Fabric Controller and Nexus Dashboard Orchestrator Information Disclosure Vulnerability
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...
Cisco Smart Licensing Utility 安全漏洞
Cisco Smart Licensing Utility CSLU is an application from Cisco USA that allows customers to manage licenses and associated product instances from their local location. A security vulnerability exists in Cisco Smart Licensing Utility that stems from overly detailed logging in debug log files. It...
GO-2022-1154 Traefik may display authorization header in the debug logs in github.com/traefik/traefik
Traefik may display authorization header in the debug logs in github.com/traefik/traefik...
The vulnerability of the Elastick Stack Filebeat software, which logs log messages, is related to errors in input data in the httpjson format. As a result, the content of the http-request headers for Authorization or Proxy-Authorization may be logged in the debugging logs, allowing an intruder to access confidential information.
The vulnerability of the Elastick Stack Filebeat software for logging records is related to errors in the httpjson input data. As a result, the content of the http-request headers Authorization or Proxy-Authorization may be logged in the debugging logs. Exploiting this vulnerability can allow an...
ROS-20240726-08
Vulnerability in the httpjson component of Elastick Stack Filebeat is due to a bug in the input data of the httpjson, because of which the contents of the Authorization or Proxy-Authorization http-request header may into the debug logs. Exploitation of the vulnerability could allow an attacker...
SUSE CVE-2024-6501
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service...
CVE-2024-6501
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service...
CVE-2024-6501
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service...