Linux Distros Unpatched Vulnerability : CVE-2024-45339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a...

uberAgent service stops after a few seconds

Windows' Services console shows that uberAgent service is not running. When manually started, the service starts and stops after a few seconds. uberAgent log file located in C:\Windows\Temp default location shows the issue with network driver startup. Example: 2025-03-01 17:28:33.013 +0200,INFO...

CVE-2023-49031

Directory Traversal Local File Inclusion vulnerability in Tikit now Advanced eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFile endpoint...

USN-7314-1 krb5 vulnerabilities

It was discovered that Kerberos incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause Kerberos to consume memory,leading to a denial of service. CVE-2024-26458, CVE-2024-26461 It was discovered that Kerberos incorrectly handled certain memory...

Insertion of Sensitive Information into Log File

Overview kuzu is an An in-process property graph database management system built for query speed and scalability. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in shell history. Remediation Upgrade github.com/kuzudb/go-kuzu to version 0.8.2 or higher. References - GitH...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in shell history. Remediation Upgrade com.kuzudb:kuzu to version 0.8.2 or higher. References - GitHub Commit ...

CVE-2024-45674

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user...

openSUSE Security Advisory (SUSE-SU-2025:0611-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-45674 IBM Security Verify Bridge information disclosure

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user...

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. bsc1236560 Patch Instructions: To install this SUSE update use the SUSE...

SUSE-SU-2025:0580-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues: - CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. bsc1236560...

Debian dla-4056 : golang-glog-dev - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4056 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4056-1 [email protected] https://www.debian.org/lts/security/...

CVE-2023-46215

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

Azure Linux 3.0 Security Update: sriov-network-device-plugin / vitess (CVE-2024-45339)

The version of sriov-network-device-plugin / vitess installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45339 advisory. - When logs are written to a widely-writable directory the default, an...

CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...

PT-2025-6864 · Unknown · Olajowon Loggrove

Name of the Vulnerable Software and Affected Versions: olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6 Description: A problematic issue has been found in olajowon Loggrove, affecting an unknown function of the file "/read/?page=1&logfile=LOG Monitor" in the Logfile Update Handler...

Vulnerability when creating log files in github.com/golang/glog

...

The vulnerability of the JDBC_PING configuration of the Infinispan data storage software allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the JDBCPING configuration in the Infinispan data storage software is related to the disclosure of information through registration files in the log files. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...

CVE-2024-56473

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers...