47 matches found
EUVD-2021-24741
Malware in sbrugna...
EUVD-2023-33996
Malicious code in bioql PyPI...
EUVD-2022-42266
Malicious code in bioql PyPI...
CVE-2023-2514
Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization...
CVE-2022-39821
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem...
CVE-2021-38283
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...
CVE-2013-3272
EMC Replication Manager RM before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack...
uberAgent - CVAD Site not visible in Splunk
Splunk dashboard CVAD/DaaS Applications & Desktops does not display CVAD Site on the list. There is no issue with data upload from agent to Splunk as other DDC metrics are available. uberAgent.log file located in C:\Windows\Temp on the Delivery Controller shows the error if you search for:...
CVE-2024-25007
Ericsson Network Manager ENM, versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The...
CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...
CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...
CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...
PT-2025-1013 · Openvpn · Openvpn Connect
Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions prior to 3.5.0 Description: The issue is related to the logging of clear-text private keys in the application log, which can be used by an unauthorized actor to decrypt VPN traffic. This could allow attackers to acces...
CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
CVE-2024-9621
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...
PVS SOAP Service Crashes After Running the Auto Update
Provisioning Services Simple Object Access Protocol service crashes after running the Auto Update. The Auto Update feature in Provisioning Services PVS allows a master target to receive an update and roll it out to the target devices. The completion is signaled to the Windows Application log by a...
PT-2024-20696 · Ericsson · Ericsson Network Manager
Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager ENM versions prior to 23.1 Description: The issue is related to the export function of the application log, where improper neutralization of formula elements in a CSV file can lead to code execution or information...