4568 matches found

OSV
added 2025/07/10 5:15 p.m. · 5 views

CVE-2024-47252

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...

CVSS 7.5 · AI score 5.9
Exploits 0 · References 4
OSV
added 2025/07/10 5:15 p.m. · 6 views

AZL-65226 CVE-2024-47252 affecting package httpd for versions less than 2.4.64-1

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...

CVSS 7.5 · AI score 7.1 · EPSS 0.00669
Exploits 0 · References 1
RedhatCVE
added 2025/07/10 3:27 p.m. · 9 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information...

CVSS 5.5 · AI score 6.3 · EPSS 0.00307
Exploits 0 · References 1
CNNVD
added 2025/07/10 12:0 a.m. · 2 views

Apache HTTP Server Security Vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be extended through a simple API. An unspecified vulnerability exists in Apache HTTP Server that stems from insufficient escaping of user-supplied data by mod_ssl,...

CVSS 7.5 · AI score 7.2 · EPSS 0.00669
Exploits 0 · References 3
OSV
added 2025/07/09 7:15 p.m. · 5 views

CVE-2025-36599

Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be...

CVSS 6.5 · AI score 5.8 · EPSS 0.00238
Exploits 0 · References 1
CVE
added 2025/07/09 6:30 p.m. · 18 views

CVE-2025-36599

Summary: Dell PowerFlex Manager VM versions before 4.6.2.1 are affected by an insertion of sensitive information into log files. A low-privileged, remote attacker could exploit this to disclose user credentials and potentially access the system with the compromised acc...

CVSS 6.5 · AI score 6.4 · EPSS 0.00238
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/07/09 6:30 p.m. · 5 views

CVE-2025-36599

Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be...

CVSS 4.3 · EPSS 0.00238
Exploits 0 · References 1
Vulnrichment
added 2025/07/08 3:32 p.m. · 7 views

CVE-2025-5464

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information...

CVSS 6.5 · AI score 6.2 · EPSS 0.00307
Exploits 0 · References 1
CVE
added 2025/07/08 3:32 p.m. · 23 views

CVE-2025-5464

CVE-2025-5464 affects Ivanti Connect Secure (ICS) versions prior to 22.7R2.8. The affected component is the logging subsystem, where sensitive information can be inserted into log files, enabling a local authenticated attacker to disclose that information. The documented remediation is to upgrade to I...

CVSS 6.5 · AI score 5.7 · EPSS 0.00307
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/07/08 3:32 p.m. · 9 views

CVE-2025-5464

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information...

CVSS 6.5 · EPSS 0.00307
Exploits 0 · References 1
NVD
added 2025/07/08 3:15 p.m. · 5 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information...

CVSS 5.5 · EPSS 0.00307
Exploits 0 · References 1
Cvelist
added 2025/07/08 3:2 p.m. · 9 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information...

CVSS 5.5 · EPSS 0.00307
Exploits 0 · References 1
Positive Technologies
added 2025/07/08 12:0 a.m. · 6 views

PT-2025-28485 · Ivanti · Ivanti Connect Secure

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.8
Description: The issue allows a local authenticated attacker to obtain sensitive information that has been inserted into a log file.
Recommendations: For versions prior to 22.7R2.8, update to...

CVSS 6.5 · AI score 5.6 · EPSS 0.00307
Exploits 0 · References 6
Tenable Nessus
added 2025/07/04 12:0 a.m. · 3 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Flask-CORS vulnerabilities (USN-7612-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7612-1 advisory. It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could...

CVSS 7.5 · AI score 6.2 · EPSS 0.00677
Exploits 5 · References 6
Veracode
added 2025/07/01 5:43 a.m. · 6 views

Insertion Of Sensitive Information Into Log File

snyk is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper logging of sensitive data because of debug and trace log modes capturing container registry credentials, authentication tokens, and access tokens when certain CLI commands are executed...

CVSS 7.2 · AI score 7.4 · EPSS 0.00151
Exploits 0 · References 3 · Affected Software 2
RedhatCVE
added 2025/06/28 5:5 a.m. · 13 views

CVE-2025-6624

Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...

CVSS 7.2 · AI score 6.7 · EPSS 0.00151
Exploits 0 · References 1
Snyk
added 2025/06/26 9:25 p.m. · 3 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when processing malformed data. An attacker can access sensitive information by submitting specially crafted malformed input that causes error messages to include confidential data in...

CVSS 6.7 · AI score 6.7 · EPSS 0.00275
Exploits 0 · References 2
OSV
added 2025/06/26 6:31 a.m. · 6 views

GHSA-6HWC-9H8R-3VMF Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode

Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...

CVSS 7.2 · AI score 7.3 · EPSS 0.00151
Exploits 0 · References 7
OSV
added 2025/06/24 3:13 p.m. · 7 views

BIT-GITLAB-2024-7586 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

CVSS 7.5 · AI score 6.7 · EPSS 0.00263
Exploits 0 · References 2
Vulnrichment
added 2025/06/20 1:58 p.m. · 3 views

CVE-2024-7586 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

CVSS 4.1 · AI score 6.8 · EPSS 0.00263
Exploits 0 · References 1