Lucene search
K

226 matches found

OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.3 views

Configure the SSH Service Log Level Properly

SSH provides multiple log output levels, such as QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. A higher log level such as QUIET or FATAL prints less log information. This saves drive space but hinders administrators from auditing and tracing SSH events. Conversely, a lowe...

6.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/04/28 12:20 a.m.1 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

7.5CVSS7.3AI score0.01183EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/26 5:21 p.m.8 views

CVE-2025-30205

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS7.1AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/24 4:47 p.m.12 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS0.00269EPSS
Exploits0References2
OSV
OSV
added 2025/03/24 4:47 p.m.4 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS6.8AI score0.00269EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/24 4:47 p.m.10 views

CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log

kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...

7.6CVSS7AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 2025/03/24 4:47 p.m.87 views

CVE-2025-30205

CVE-2025-30205 affects the kanidm-provision helper utility, which uses kanidm’s API to provision users/groups/OAuth2. Before patch 1.2.0, a faulty instrumentation in the optional kanidm patches causes provisioned admin credentials (admin/idm_admin) to be leaked to the system log. Impact is limite...

7.6CVSS7AI score0.00269EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.19 views

Synology DiskStation Manager Samba Out-of-bounds Read (CVE-2019-14907)

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...

6.5CVSS6.5AI score0.03151EPSS
Exploits0References12
NVD
NVD
added 2024/08/12 1:38 p.m.10 views

CVE-2024-37283

An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...

6.5CVSS0.00563EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/07/26 6:30 a.m.17 views

Elasticsearch Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...

6.5CVSS6.5AI score0.00445EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2024/05/15 4:27 a.m.26 views

CVE-2024-3744

A flaw was found in azure-file-csi-driver. Anyone with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions...

6.5CVSS6.2AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 2024/05/15 12:42 a.m.3 views

CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

6.5CVSS6.6AI score0.00269EPSS
Exploits0References5
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2024/05/08 4:2 p.m.13 views

azure-file-csi-driver discloses service account tokens in logs

CVSS Rating: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N - MEDIUM 6.5 A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to...

6.5CVSS6.4AI score0.00269EPSS
Exploits0
Veracode
Veracode
added 2024/04/22 5:53 a.m.31 views

Log Injection

flask-cors is vulnerable to Log Injection when the log level is set to debug. The vulnerability is due to improper output neutralization for logs within extension.py. This allows attackers to insert fake log entries through specially crafted GET requests containing CRLF sequences in the request...

5.3CVSS7.1AI score0.00574EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/04/19 8:15 p.m.14 views

CVE-2024-1681

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

5.3CVSS5.2AI score
Exploits0References2
Cvelist
Cvelist
added 2024/04/19 7:37 p.m.36 views

CVE-2024-1681 Log Injection Vulnerability in corydolphin/flask-cors

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

5.3CVSS5.5AI score0.00574EPSS
Exploits1References1
Prion
Prion
added 2024/02/01 3:15 p.m.19 views

Design/Logic Flaw

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

1.7CVSS7.1AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.3 views

PT-2023-31410 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.17.16 Elasticsearch versions prior to 8.11.2 Description: An issue was discovered whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents...

6.5CVSS6.9AI score0.00445EPSS
Exploits0References13
NVD
NVD
added 2023/12/12 6:15 p.m.16 views

CVE-2023-49923

An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released...

6.8CVSS0.00594EPSS
Exploits0References2
OSV
OSV
added 2023/12/12 6:15 p.m.5 views

CVE-2023-49923

An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released...

6.5CVSS5.8AI score0.00594EPSS
Exploits0References2
Rows per page
Query Builder