303 matches found
OESA-2025-1554 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the...
CVE-2024-20457
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentia...
CVE-2023-34223
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases...
CVE-2023-51712
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function...
CVE-2023-51390
journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in t...
CVE-2022-30305
An insufficient logging CWE-778 vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a...
CVE-2020-14635
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Logging. Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Obje...
CVE-2020-15581
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 July 2020...
CVE-2020-11294
Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...
CVE-2020-10641
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway versions prior to 8.0.10, causing a denial-of-service condition...
CVE-2019-10345
Jenkins Configuration as Code Plugin 1.20 and earlier did not treat the proxy password as a secret to be masked when logging or encrypted for export...
CVE-2018-21043
An issue was discovered on Samsung mobile devices with O8.x and P9.0 Exynos 9810 chipsets software. There is information disclosure about a kernel pointer in the g2ddrv driver because of logging. The Samsung ID is SVE-2018-13035 December 2018...
CVE-2004-0481
The logging feature in kcmsconfigure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCSClogFile file...
Sensitive Information Exposure
org.apache.iotdb:node-commons is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper sanitization and logging of sensitive authentication data by the OpenIdAuthorizer component. Specifically, sensitive information such as credentials or tokens is inserted directly...
Portworx Backup 安全漏洞
Portworx Backup is a Kubernetes backup solution from Portworx that allows you to backup and restore applications and their data across multiple clusters. A security vulnerability exists in Portworx Backup that stems from the possibility of logging sensitive information under certain conditions...
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
AZL-61866 CVE-2025-47287 affecting package python-tornado 6.3.3-11
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
CVE-2025-24351
A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request...
CVE-2025-46328
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided...
CVE-2025-46328
CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...