10 matches found
Security Bulletin: IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets (CVE-2025-13755)
Summary IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets. Vulnerability Details CVEID:CVE-2025-13755 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially...
CVE-2025-70040
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information...
OESA-2025-2384 xml-security security update
The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing. Security Fixes: All versions of Apache Santuario - XML Security for Java...
EUVD-2022-51666
Malicious code in bioql PyPI...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache XML Security for Java.
Summary Multiple vulnerabilities in Apache XML Security for Java that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-20945 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker...
CVE-2025-49009
Para’s CVE-2025-49009 affects the Para server (Facebook authentication flow) via FacebookAuthFilter.java, where a failed request to Facebook’s profile endpoint logs the full URL including the user’s access token in plaintext. The issue exists in versions prior to 1.50.8 and is mitigated by upgrad...
PT-2024-10886 · Opentext · Opentext Edirectory
Name of the Vulnerable Software and Affected Versions: OpenText eDirectory version 9.2.4.0000 Description: A Possible Insertion of Sensitive Information into Log File issue has been discovered in eDirectory. This issue affects the logging mechanism, potentially allowing sensitive information to b...
go-retryablehttp: url might write sensitive information to log file
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information...
PT-2024-38015 · Cato Networks · Cato Networks Sdp Client
Name of the Vulnerable Software and Affected Versions: Cato Networks SDP Client versions prior to 5.10.34 Description: A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack...
Mandrake Linux Security Advisory : samba (MDKSA-2001:062)
Michal Zalewski has found a vulnerability in all versions of Samba prior to 2.0.10 where if a client sends an invalid netbios name Samba could be tricked into appending it's log to files writable by root. This can be very dangerous if combined with a symlink created by a local user. Note that the...