Lucene search
K

303 matches found

OSV
OSV
added 2025/05/23 2:0 p.m.5 views

OESA-2025-1554 python-tornado security update

Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the...

7.5CVSS6.8AI score0.00667EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.6 views

CVE-2024-20457

A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentia...

6.5CVSS6.4AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.8 views

CVE-2023-34223

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases...

5.3CVSS6.8AI score0.01326EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:20 a.m.12 views

CVE-2023-51712

An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...

4.7CVSS6.6AI score0.00293EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:18 a.m.4 views

CVE-2023-51390

journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in t...

7.5CVSS6.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:55 a.m.9 views

CVE-2022-30305

An insufficient logging CWE-778 vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a...

7.5CVSS7.2AI score0.00613EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:45 p.m.9 views

CVE-2020-14635

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Logging. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Obje...

5.3CVSS5.6AI score0.01205EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:23 p.m.9 views

CVE-2020-15581

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 July 2020...

5.3CVSS6.8AI score0.0034EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 p.m.11 views

CVE-2020-11294

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

7.8CVSS7.2AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:47 p.m.12 views

CVE-2020-10641

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway versions prior to 8.0.10, causing a denial-of-service condition...

7.5CVSS6.8AI score0.01278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.17 views

CVE-2019-10345

Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export...

5.5CVSS7AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 a.m.4 views

CVE-2018-21043

An issue was discovered on Samsung mobile devices with O8.x and P9.0 Exynos 9810 chipsets software. There is information disclosure about a kernel pointer in the g2ddrv driver because of logging. The Samsung ID is SVE-2018-13035 December 2018...

3.3CVSS6.3AI score0.00132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 11:10 p.m.12 views

CVE-2004-0481

The logging feature in kcmsconfigure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCSClogFile file...

2.1CVSS6.8AI score0.00287EPSS
Exploits0References1
Veracode
Veracode
added 2025/05/19 4:15 a.m.11 views

Sensitive Information Exposure

org.apache.iotdb:node-commons is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper sanitization and logging of sensitive authentication data by the OpenIdAuthorizer component. Specifically, sensitive information such as credentials or tokens is inserted directly...

7.5CVSS6.6AI score0.00709EPSS
Exploits0References7Affected Software2
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.3 views

Portworx Backup 安全漏洞

Portworx Backup is a Kubernetes backup solution from Portworx that allows you to backup and restore applications and their data across multiple clusters. A security vulnerability exists in Portworx Backup that stems from the possibility of logging sensitive information under certain conditions...

8.4CVSS6.5AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2025/05/15 10:15 p.m.13 views

CVE-2025-47287

Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...

7.5CVSS0.00667EPSS
Exploits0References3
OSV
OSV
added 2025/05/15 10:15 p.m.5 views

AZL-61866 CVE-2025-47287 affecting package python-tornado 6.3.3-11

Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...

7.5CVSS6.7AI score0.00667EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/30 11:47 a.m.6 views

CVE-2025-24351

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request...

8.8CVSS7.6AI score0.00662EPSS
Exploits0References1
NVD
NVD
added 2025/04/28 11:15 p.m.19 views

CVE-2025-46328

snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...

7CVSS0.00141EPSS
Exploits0References2
CVE
CVE
added 2025/04/28 10:33 p.m.76 views

CVE-2025-46328

CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...

7CVSS3.9AI score0.00141EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder