91 matches found
CVE-2025-53512
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...
CVE-2025-53512 Sensitive log retrieval in Juju
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...
CVE-2025-53512
CVE-2025-53512 concerns Juju controllers where the /log endpoint is accessible to authenticated users without proper authorization checks, enabling exposure of debug log messages that may contain sensitive information. Affected component: Juju controller API/server logic handling log streaming. R...
PT-2025-28633
Name of the Vulnerable Software and Affected Versions: Juju affected versions not specified Description: The issue concerns the "/log" endpoint on a Juju controller, which lacked sufficient authorization checks. This allowed unauthorized users to access debug messages that could contain sensitive...
CVE-2008-7261
The Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local users to obtain sensitive information by reading this file...
CVE-2025-2469
GitLab CE/EE (versions 17.9 up to 17.9.5, 17.10 up to 17.10.3) contains a vulnerability where runtime profiling data of a specific service was accessible to unauthenticated users. The available sources consistently describe the issue as affecting GitLab CE/EE 17.9 before 17.9.6 and 17.10 before 1...
CVE-2025-31001
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...
CVE-2025-31001
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...
CVE-2025-31001 WordPress GTM Kit plugin <= 2.4.0 - Sensitive Data Exposure vulnerability
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...
CVE-2025-31001 WordPress GTM Kit plugin <= 2.4.0 - Sensitive Data Exposure vulnerability
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM Kit: from n/a through = 2.4.0...
CVE-2025-31001
CVE-2025-31001 affects GTM Kit – Google Tag Manager & GA4 integration (GTM Kit) prior to version 2.4.0. The issue is an unauthenticated exposure of sensitive information via debug messages, as indicated by the vulnerability entry. CVSS v3.1 vectors show Network access, low attack complexity, no p...
PT-2025-14073 · Unknown · Tla Media Gtm Kit
Name of the Vulnerable Software and Affected Versions: TLA Media GTM Kit versions n/a through 2.3.1 Description: The issue allows retrieval of embedded sensitive data due to debug messages revealing unnecessary information. Recommendations: For versions n/a through 2.3.1, update to a version that...
SUSE-SU-2025:20132-1 Security update for pam_u2f
This update for pamu2f fixes the following issues: - update to 1.3.2: Relax authfile permission check to a warning instead of an error to prevent a breaking change locking existing users out of their systems. - update to 1.3.1: CVE-2025-23013: Fixed problematic PAMIGNORE return values in...
Linux Distros Unpatched Vulnerability : CVE-2012-0814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The authparseoptions function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorizedkeys command options, which allows...
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
Overview MFPs multifunction printers provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below. Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' CWE-776 - CVE-2024-27141, CVE-2024-27142 Execution with...
RHEL 6 : openssh (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssh: loading of untrusted PKCS11 modules in ssh-agent CVE-2016-10009 - openssh: Bounds check can be...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Debug Messages Revealing Unnecessary Information (CVE-2023-5392)
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning. This...
Dell BSAFE Information Disclosure Vulnerability
Dell BSAFE is a security software product from Dell Inc. that supports cryptographic algorithms, certificate chain validation, and Transport Layer Security TLS encryption suites, among other things, to help users achieve a variety of security goals for their applications. An information disclosur...
PT-2024-12152 · Dell · Bsafe Ssl-J
Name of the Vulnerable Software and Affected Versions: Dell BSAFE SSL-J versions prior to 6.5 Dell BSAFE SSL-J versions 7.0 and 7.1 Description: The issue is related to a debug message revealing unnecessary information, which may lead to disclosing sensitive information to a locally privileged...
Information Disclosure
Vaadin is vulnerable to Information Disclosure. The vulnerability exists due to lack of masking sensitive debug messages which allows an attacker to view information such as class and method names included in RPC responses by sending modified requests...