14 matches found

Vulnrichment
added 2026/04/20 1:20 p.m., 2 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

An information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire request and response information to the logs at the DEBUG log level. By default, the log level is set to INFO. If the DEBUG level is enabled, the sensitive information wi...

AI score: 5.7, EPSS: 0.00535
Exploits: 0, References: 2
CVE
added 2025/10/07 3:19 p.m., 11 views

CVE-2023-53639

Technical details about CVE-2023-53639 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories to obtain affected products, versions, and remediation information.

CVSS: 5.5, AI score: 6.2, EPSS: 0.00146
Exploits: 0, References: 9, Affected Software: 1
RedhatCVE
added 2025/05/22 6:34 p.m., 7 views

CVE-2021-32767

TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may have been logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00829
Exploits: 0, References: 1
GitHub Security Blog
added 2024/07/26 6:30 a.m., 16 views

Elasticsearch Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00464
Exploits: 0, References: 3, Affected Software: 1
Veracode
added 2024/04/22 5:53 a.m., 28 views

Log Injection

flask-cors is vulnerable to Log Injection when the log level is set to debug. The vulnerability is due to improper output neutralization for logs within extension.py. This allows attackers to insert fake log entries through specially crafted GET requests containing CRLF sequences in the request...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00574
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2024/04/19 8:15 p.m., 9 views

CVE-2024-1681

corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files,...

CVSS: 5.3, AI score: 5.2
Exploits: 0, References: 2
Prion
added 2024/02/01 3:15 p.m., 18 views

Design/Logic Flaw

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

CVSS: 1.7, AI score: 7.1, EPSS: 0.00226
Exploits: 0, References: 2
F5 Networks
added 2023/02/21 6:50 p.m., 25 views

K31757417: The BIG-IP APM system may log passwords in plaintext when the Debug log level is enabled

Security Advisory Description This issue occurs when all of the following conditions are met: You enable the Debug log level for the access policy. You configure the access policy on the BIG-IP APM system with either of the following: Citrix Login prompt with two-factor authentication Logon page...

AI score: 6.8
Exploits: 0
Citrix
added 2021/03/10 12:0 a.m., 7 views

EPA scan results are not getting displayed in ns.log when EPA policies are configured through N-Factor Authentication.

When EPA policies are configured through N-Factor Authentication, EPA scan results will not be displayed in ns.log even though the Debug log level is enabled...

AI score: 7.1
Exploits: 0
NVD
added 2020/06/06 7:15 p.m., 14 views

CVE-2020-13881

In support.c in pamtacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01673
Exploits: 0, References: 7
RedhatCVE
added 2020/04/09 10:3 a.m., 39 views

CVE-2019-10213

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator b...

CVSS: 6.5, AI score: 4.4, EPSS: 0.00992
Exploits: 0, References: 3
Tenable Nessus
added 2019/01/30 12:0 a.m., 157 views

RHEL 7 : bind (RHSA-2019:0194)

"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0194 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named C Tenable...

CVSS: 7.5, AI score: 6.3, EPSS: 0.01575
Exploits: 0, References: 5
Citrix
added 2017/04/30 12:0 a.m., 7 views

How to Enable DEBUG Log Level for Syslog Events on the NetScaler

This article describes how to enable DEBUG log level for syslog events on NetScaler. Enabling DEBUG level for syslog events will allow you to capture detailed information that is not recorded by default in the ns.log file. Note: The DEBUG level should be disabled upon finishing the troubleshooting...

AI score: 6.8
Exploits: 0
RedHat Linux
added 2014/11/03 8:36 a.m., 29 views

Moderate: Red Hat Security Advisory: python-keystoneclient security and bug fix update

Updated python-keystoneclient packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

CVSS: 4.3, AI score: 5.8, EPSS: 0.01948
Exploits: 0, References: 5