327 matches found
ZSQL: Server Logging Levels
The LOGLEVEL parameter specifies the levels of run logs and debug logs to be written into the server. The default value is 7, indicating that run logs in all levels are written into the server. If LOGLEVEL is set to 0, not only RUN and DEBUG logging, but also ALARM logging will be disabled. This...
CVE-2020-1987
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versio...
Information Disclosure
easybuildframework is vulnerable to information disclosure. The vulnerability exists because sensitive information such as the GitHub Personal Access Token is improperly handled and shown in plain text in EasyBuild's debug logs...
GHSA-2WX6-WC87-RMJM GitHub personal access token leaking into temporary EasyBuild (debug) logs
Impact: The GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. Scope: the log message only appears in the top-level log file, not in the individual software installation logs see...
PYSEC-2020-41
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
PYSEC-2020-268
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
CVE-2020-5262 GitHub personal access token leaking into temporary EasyBuild (debug) logs
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
Linux: daemon.debug in /etc/rsyslog.conf
Test if and to which file the debug logs generated by the daemon process are recorded. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
UBUNTU-CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...
CVE-2019-3763
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated...
CVE-2019-5634
An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in...
Docker CE and EE Information Disclosure Vulnerabilities
Docker is an open source application container engine from the American company Docker. It supports creating a container (lightweight virtual machine) and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...
Ubuntu 16.04 LTS : Ceph vulnerabilities (USN-4035-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4035-1 advisory. It was discovered that Ceph incorrectly handled read only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys...
Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability
The version of Fortinet FortiClient running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if...
Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability (macOS)
The version of Fortinet FortiClient Mac running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only ...
Multiple VPN applications insecurely store session cookies
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if endpoint device has been compromised in such a way that the attacker has access to...
Cross-Site Scripting (XSS)
Apache ActiveMQ is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...
CVE-2018-18466
An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...
CVE-2017-15113
CVE-2017-15113 affects ovirt-engine (Red Hat Virtualization Manager) prior to version 4.1.7.6, where DEBUG logging exposes passwords in plaintext in log files. The issue arises because log level DEBUG can reveal sensitive credentials, and only admins can change log level/access logs; this creates...
Unable to install Secure Mail Public version for iOS - Incompatible app
Issue --------------- Unable to install Secure Mail Public version for iOS - Incompatible app Logs ------------- Xcode Logs Dec 14 09:29:52 iPhone WorxMailAppStore985 : -NSFileManagerMdxEncryption ctxRemoveItemAtPath:error:: errno=2 Dec 14 09:29:52 iPhone WorxMailAppStorelibsqlite3.dylib985 : BUG...