83 matches found
CVE-2024-37283
An issue was discovered whereby Elastic Agent will leak secrets from the agent policy elastic-agent.yml only when the log level is configured to debug. By default the log level is set to info, where no leak occurs...
Provisioning Services Console Error is Displayed During KMS Activation
When changing a virtual disk (vDisk) in private mode to KMS activation and then changing the mode to standard image mode, or changing the activation procedure to KMS for a vDisk in standard image mode, the following error message appears, which can be seen in the console.log when in debug level or in...
SUSE CVE-2024-38590
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error. Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level...
CVE-2024-38590
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error. Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level...
UBUNTU-CVE-2024-38590
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error. Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level...
CVE-2024-38590
CVE-2024-38590 affects the Linux kernel RDMA/hns path where excessive CQE error printing could panic the kernel. The fix changes ibdev_err() to ibdev_err_ratelimited() and lowers the CQE dump printing level to debug, per the provided commits (Git kernel stable history). Connected Nessus entries r...
CVE-2024-38590 RDMA/hns: Modify the print level of CQE error
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error. Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level...
CVE-2024-38590 RDMA/hns: Modify the print level of CQE error
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error. Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level...
Information Disclosure
typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to login failures being logged at the "warning" level instead of the "debug" level, which exposes plain text credential information...
glance-store: Glance Store access key logged in DEBUG log level
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled...
GHSA-F6MM-5FC7-3G3C goreleaser shows environment by default
Summary: Since 4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC: Create a Go project with dependencies, do not pull them yet or run goreleaser later in a container, or...
flask-cors vulnerable to log injection when the log level is set to debug
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
GHSA-84PR-M4JR-85G5 flask-cors vulnerable to log injection when the log level is set to debug
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
UBUNTU-CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...
USN-6630-1 python-glance-store vulnerability
It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values...
SUSE CVE-2024-1141
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled...
glance-store logs s3 access keys
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled...
Authorization
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
CVE-2023-46675 Kibana Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Elastic has released Kibana 8.11.2 which resolves this issue. The messages recorded in the log may contain Accou...
Elastic Beats inserts sensitive information into log file
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...