CVE-2024-54491
CVE-2024-54491 : macOS Sequoia 15.2 fixes a location-privacy issue in logging. The vulnerability allowed a malicious application to determine a user’s current location via logging data. The issue is resolved by sanitizing log output. Affected product/versions and remediation are limited to what i...
SUSE-SU-2024:4194-1 Security update for python-python-multipart
This update for python-python-multipart fixes the following issues: - CVE-2024-53981: excessive logging for certain inputs when parsing form data. bsc1234115...
CVE-2024-51752
The CVE-2024-51752 entry concerns the AuthKit Next.js library for WorkOS/AuthKit integration. Affected versions log refresh tokens to the console when the debug flag is enabled, enabling potential token exposure through logs. The issue has a patched fix in version 0.13.2; upgrading to that versio...
Important: httpd24
Issue Overview: Apache HTTP Server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984). Apache HTTP Server versions 2.4.20 to 2.4.43: a specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to...
CVE-2024-47083 Power Platform Terraform Provider has Improper Masking of Secrets in Logs
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitive information, specifically the client_secret used in the service principal authentication, may be...
PT-2024-28955 · Steeltoe · Steeltoe.Discovery.Eureka
Name of the Vulnerable Software and Affected Versions: Steeltoe.Discovery.Eureka versions prior to 3.2.8 Description: The issue concerns credential leakage in logs when utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry. Only...
CVE-2024-1102
A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection...
PT-2024-16708 · Unknown · Jberet-Core
Name of the Vulnerable Software and Affected Versions: jberet-core affected versions not specified Description: A vulnerability was found in jberet-core logging. An exception in dbProperties might display user credentials such as the username and password for the database-connection...
CVE-2024-23791 Unnecessary data is written to log if issues during indexing occurs
Insertion of debug information into the log file during building of the Elasticsearch index allows reading of sensitive information from articles. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1...
EulerOS 2.0 SP8 : cups (EulerOS-SA-2023-3119)
According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attack...
PT-2023-29713 · Yandex · Ydb-Go-Sdk
Name of the Vulnerable Software and Affected Versions: ydb-go-sdk versions 3.48.6 through 3.53.2 Description: The issue concerns a potential leak of sensitive information, such as credentials, into logs when using a custom credentials object with ydb-go-sdk. This occurs because the custom...
CVE-2023-21664 Buffer Copy without Checking the Size of Input ('Classic Buffer Overflow') in Core Platform
Memory Corruption in Core Platform while printing the response buffer in log...
Medium: cups
Issue Overview: A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately before the connection closed, resulting in a use-after-free in cupsdAcceptClient in...
AZL-37074 CVE-2023-34241 affecting package cups for versions less than 2.3.3op2-7
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data...
USN-6128-2 cups vulnerability
USN-6128-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or...
PT-2023-19934 · Mattermost · Mattermost Server
Name of the Vulnerable Software and Affected Versions: Mattermost Server affected versions not specified Description: The issue concerns the Mattermost Server, where it fails to properly redact the database username and password before logging this information during server initialization...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
CVE-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for the ext_authz filter. For affected components that are used for loggin...
JSA10453 - 2010-09 Security Bulletin: Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS): Local Client Logging Issue
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. User session information is saved to the local system even when client logging is disabled. Pulse Secure would like to acknowledge Espion Ltd. Dublin, Ireland for bringing this to our...
PT-2022-20894 · VMware · vCenter Server +1
Name of the Vulnerable Software and Affected Versions: vCenter Server affected versions not specified Description: The vCenter Server contains an information disclosure issue due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Serv...