4568 matches found
CVE-2024-37205 WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This issue affects affiliate-toolkit: from n/a through 3.4.4...
CVE-2024-37270 WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor. This issue affects TrustedLogin Vendor: from n/a before 1.1.1...
WordPress SmartMag theme < 10.1.0 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme SmartMag versions < 10.1.0...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control
Summary: IBM WebSphere Application Server Liberty is vulnerable to allow a remote authenticated attacker, denial of service, server-side request forgery (SSRF), cross-site scripting, improper resource expiration handling, weaker than expected security for outbound TLS connections. These...
Insertion Of Sensitive Information Into Log File.
com.phloc:phloc-webscopes is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of logged HTTP requests within RequestWebScopeNoMultipart.java. This allows local attackers with access to the log files to view user passwords or other...
SUSE-SU-2024:2286-1 Security update for podman
This update for podman fixes the following issues: - CVE-2024-6104: Fixed a potential leak of sensitive information on HTTP log file (bsc#1227052)...
GO-2024-2556 APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server
APM Server vulnerable to Insertion of Sensitive Information into Log File in github.com/elastic/apm-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Insertion Of Sensitive Information Into Log File
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is due to the token being printed in the build log as part of the Bitbucket URL. An attacker can view the token and gain unauthorized access...
Johnson Controls Illustra Essentials Gen 4 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
CVE-2024-28830
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators...
CVE-2024-28830 Automation user secrets written to audit log
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files accessible to administrators...
CVE-2024-28830
CVE-2024-28830 affects Checkmk, with affected versions including <2.3.0p7, <2.2.0p28, <2.1.0p45 and
Checkmk Security Vulnerabilities
Checkmk is an editor. A security vulnerability exists in Checkmk that originates from the insertion of sensitive information into a log file, resulting in information disclosure...
MAL-2024-6984 Malicious code in logstash_codec-bytes (RubyGems)
CVE-2024-6104
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information. Mitigation Mitigation for this issue is either not available or the currently...
CVE-2024-6104
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42904 CVE-2024-6104 affecting package keda for versions less than 2.14.0-2
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
CVE-2024-6104
CVE-2024-6104 affects go-retryablehttp prior to 0.7.7, where URLs were not sanitized when written to log files, allowing sensitive HTTP basic-auth credentials to be exposed in logs. The vulnerability is mitigated by upgrading to go-retryablehttp 0.7.7 or later. Several connected advisories refere...