329 matches found
Design/Logic Flaw
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
CVE-2021-37842
CVE-2021-37842 affects Couchbase Server 7.0.0 (metakv). The issue arises from using cleartext storage of sensitive information, enabling potential leakage of Remote Cluster XDCR credentials in debug logs when a config key being logged has an attached tombstone purge timestamp. The Connected docum...
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
CVE-2021-24005
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
Palo Alto Networks Prisma Cloud Log Information Disclosure Vulnerability
Palo Alto Networks Prisma Cloud is a comprehensive cloud-native security platform from US-based Palo Alto Networks, Inc. that provides cloud security services. Palo Alto Networks Prisma Cloud Compute suffers from a log information disclosure vulnerability that originates when a secret used to authoriz...
FortiAuthenticator - Hard-coded cryptographic keys used to encrypt sensitive data
Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key...
CVE-2021-25644
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators...
GO-2021-0064 Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go
Authorization tokens may be inappropriately logged if the verbosity level is set to a debug level. This is due to an incomplete fix for CVE-2019-11250...
CVE-2021-25764
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs...
Code injection
In JetBrains PhpStorm before 2020.3, source code could be added to debug logs...
CVE-2021-25764
PhpStorm (JetBrains) before 2020.3 is affected: the issue lets source code be written into debug logs (“Source code could be added to debug logs”). The vulnerability affects PhpStorm’s logging path and can lead to information disclosure via logs. The issue is tracked as CVE-2021-25764. Remediatio...
Security Bulletin: IBM Verify Gateway PAM components do not set restricted access permission for debug logs (CVE-2020-4405)
Summary: To debug the IBM Verify Gateway IVG PAM components, customers can add "trace-file" parameters in the PAM configuration so that .log files are written to the /tmp directory. These debug logs potentially contain sensitive information, and yet they default to world readable. They should have...
McAfee Endpoint Security Access Control Error Vulnerability (CNVD-2020-52034)
McAfee Endpoint Security (ENS) is a framework from the US company McAfee for providing intelligent collaboration and advanced threat defense. The framework supports the entire threat defense lifecycle, including real-time communications control, actionable threat forensics and so on...
CVE-2020-7322
Information Disclosure Vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrect logging of sensitive information in debug logs...