226 matches found
Configure the SSH Service Log Level Properly
SSH provides multiple log output levels, such as QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. A higher log level such as QUIET or FATAL prints less log information. This saves drive space but hinders administrators from auditing and tracing SSH events. Conversely, a lowe...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
CVE-2025-30205
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205 kanidm-provision leaks provisioned admin credentials into the system log
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the optional kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system...
CVE-2025-30205
CVE-2025-30205 affects the kanidm-provision helper utility, which uses kanidm’s API to provision users/groups/OAuth2. Before patch 1.2.0, a faulty instrumentation in the optional kanidm patches causes provisioned admin credentials (admin/idm_admin) to be leaked to the system log. Impact is limite...
Synology DiskStation Manager Samba Out-of-bounds Read (CVE-2019-14907)
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with log level = 3 or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...
CVE-2024-37283
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...
Elasticsearch Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...
CVE-2024-3744
A flaw was found in azure-file-csi-driver. Anyone with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions...
CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs
A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...
azure-file-csi-driver discloses service account tokens in logs
CVSS Rating: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N - MEDIUM 6.5 A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to...
Log Injection
flask-cors is vulnerable to Log Injection when the log level is set to debug. The vulnerability is due to improper output neutralization for logs within extension.py. This allows attackers to insert fake log entries through specially crafted GET requests containing CRLF sequences in the request...
CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
CVE-2024-1681 Log Injection Vulnerability in corydolphin/flask-cors
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
Design/Logic Flaw
A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...
PT-2023-31410 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 7.17.16 Elasticsearch versions prior to 8.11.2 Description: An issue was discovered whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents...
CVE-2023-49923
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released...
CVE-2023-49923
An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released...