330 matches found

WPVulnDB
added 2024/03/13 12:0 a.m. · 18 views

Paid Memberships Pro < 2.12.7 - Information Exposure in Debug Logs

Description: The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.12.6 via debug logs. This makes it possible for unauthenticated attackers to extract sensitive data including user passwords through debug logs...

6.9 AI score
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/02/27 2:12 a.m. · 12 views

USN-6662-1 openjdk-21 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918) It was discovered that the Hotspot...

7.4 CVSS · 7.1 AI score · 0.00911 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2024/02/27 12:0 a.m. · 5 views

PT-2024-15242 · WordPress · Backup Bolt

Name of the Vulnerable Software and Affected Versions: Backup Bolt WordPress plugin versions 1.3.0 and earlier Description: The issue allows unauthenticated attackers to access debug logs, potentially exposing sensitive information such as system errors. This could lead to information exposure,...

4.7 CVSS · 9.4 AI score · 0.0055 EPSS
Exploits: 2 · References: 7
WPVulnDB
added 2024/02/20 12:0 a.m. · 12 views

Backup Bolt < 1.4.0 - Sensitive Data Exposure

Description: The plugin is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. PoC: Access the error lo...

9.2 AI score · 0.0055 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
RedHat Linux
added 2024/02/13 5:7 p.m. · 5 views

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5 CVSS · 7 AI score · 0.01212 EPSS
Exploits: 0 · References: 6
RedHat Linux
added 2024/02/13 4:55 p.m. · 2 views

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5 CVSS · 7 AI score · 0.01212 EPSS
Exploits: 0 · References: 6
RedHat Linux
added 2024/02/13 4:55 p.m. · 4 views

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5 CVSS · 7 AI score · 0.01212 EPSS
Exploits: 0 · References: 6
RedHat Linux
added 2024/02/13 4:55 p.m. · 5 views

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5 CVSS · 7 AI score · 0.01212 EPSS
Exploits: 0 · References: 6
RedHat Linux
added 2024/02/07 8:37 a.m. · 4 views

santuario: Private Key disclosure in debug-log output

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5 CVSS · 7 AI score · 0.01212 EPSS
Exploits: 0 · References: 6
NVD
added 2024/02/01 3:15 p.m. · 38 views

CVE-2024-1141

A vulnerability was found in python-glance-store. The issue occurs when the package logs the accesskey for the glance-store when the DEBUG log level is enabled...

5.5 CVSS · 5.4 AI score · 0.00226 EPSS
Exploits: 0 · References: 3
SUSE CVE
added 2024/02/01 12:16 a.m. · 3 views

SUSE CVE-2024-23840

GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the custom publisher. This vulnerability is fixed in 1.24.0...

5.5 CVSS · 6.9 AI score · 0.0032 EPSS
Exploits: 1 · References: 3
Veracode
added 2024/01/31 6:31 a.m. · 18 views

Sensitive Information Into Log File

github.com/goreleaser/goreleaser is vulnerable to Information Exposure. The vulnerability is due to a flaw in the handling of debug logs: `WithField("env", c.Env)` is used to log environment variables. The `goreleaser release --debug` command includes sensitive information such as secrets or...

5.5 CVSS · 6.4 AI score · 0.0032 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Github Security Blog
added 2024/01/30 8:57 p.m. · 19 views

`goreleaser release --debug` shows secrets

Summary: Hello 👋 `goreleaser release --debug` log shows secret values used in the custom publisher. How to reproduce the issue: - Define a custom publisher as the one below. Make sure to provide a custom script to the cmd field and to provide a secret to env .goreleaser.yml publishers: - name...

5.5 CVSS · 6.8 AI score · 0.0032 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
WPVulnDB
added 2023/11/30 12:0 a.m. · 18 views

Debug Log Manager < 2.2.2 - Debug Log Clearing via CSRF

Description: The plugin does not have CSRF checks when clearing debug logs, which could allow attackers to make logged-in admins perform such an action via a CSRF attack...

4.3 CVSS · 6.8 AI score · 0.00259 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2023/11/24 12:0 a.m. · 7 views

EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure

Description: The EWWW Image Optimizer for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.2.0 due to the plugin saving debug logs in predictable locations. This can allow unauthenticated attackers to obtain information about installation paths, file...

6.8 AI score
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/11/14 6:15 p.m. · 3 views

CVE-2023-45585

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

3.3 CVSS · 5.8 AI score · 0.00208 EPSS
Exploits: 0 · References: 1
OSV
added 2023/10/20 10:15 a.m. · 2 views

UBUNTU-CVE-2023-44483

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

6.5 CVSS · 6.7 AI score · 0.01212 EPSS
Exploits: 0 · References: 4
ATTACKERKB
added 2023/10/12 11:15 p.m. · 4 views

CVE-2023-41263

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information...

3.7 CVSS · 5.8 AI score · 0.00413 EPSS
Exploits: 1 · References: 2
OSV
added 2023/10/12 11:15 p.m. · 6 views

CVE-2023-41263

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information...

3.7 CVSS · 5.8 AI score · 0.00413 EPSS
Exploits: 1 · References: 1
NVD
added 2023/10/12 11:15 p.m. · 16 views

CVE-2023-41263

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information...

3.7 CVSS · 4.3 AI score · 0.00413 EPSS
Exploits: 1 · References: 1