222 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...
CVE-2023-53639
Technical details about CVE-2023-53639 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories to obtain affected products, versions, and remediation information.
EUVD-2019-2229
Malware in sbrugna...
EUVD-2021-1435
Malware in sbrugna...
EUVD-2021-2002
Malware in sbrugna...
EUVD-2019-5976
Malware in sbrugna...
EUVD-2014-4936
Malware in sbrugna...
EUVD-2023-53818
Malicious code in bioql PyPI...
EUVD-2024-36558
Malicious code in bioql PyPI...
EUVD-2023-2836
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-14907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above then the...
Linux Distros Unpatched Vulnerability : CVE-2020-8565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs a...
Sensitive Information Disclosure
github.com/edgelesssys/contrast is vulnerable to information disclosure. The vulnerability is due to improper logging configuration due to secrets being written to stderr and Kubernetes logs when the log level is set to info or debug, which is the default...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging configuration. An attacker can access sensitive information by exploiting the log output when the log level is set to info or debug. This is only exploitable if the...
Contrast workload secrets leak to logs on INFO level
Impact When the Contrast initializer is configured with a CONTRASTLOGLEVEL of info or debug, the workload secret is logged to stderr and written to Kubernetes logs. Since info is the default setting, this affects all Contrast installations that don't customize their initializers' log level. The...
CVE-2024-37283
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...
CVE-2023-5339
Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged...
CVE-2021-32767
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3...