
111 matches found

CVE
added 2023/10/20 9:23 a.m. · 451 views

CVE-2023-44483

CVE-2023-44483 affects Apache Santuario – XML Security for Java; all versions prior to 2.2.6, 2.3.4, and 3.0.3 are vulnerable when using the JSR 105 API. The issue can disclose a private key in log files during XML Signature generation if debug logging is enabled, impacting confidentiality. Remed...

CVSS 6.5 · AI score 7 · EPSS 0.00173
Exploits 0 · References 3 · Affected Software 1
Amazon
added 2023/08/08 12:0 a.m. · 28 views

Medium: cups

Issue Overview: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers...

CVSS 7.5 · AI score 7 · EPSS 0.00148
Exploits 1
OSV
added 2023/05/04 9:15 p.m. · 1 views

CVE-2023-21496

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...

CVSS 5.5 · AI score 6.1
Exploits 0 · References 1
CNNVD
added 2023/05/04 12:0 a.m. · 2 views

SAMSUNG Mobile devices Security Vulnerability

SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in ActivityManagerService on SAMSUNG Mobile devices prior to SMR May-2023 Release 1 that allows an attacker to use...

CVSS 6.1 · AI score 5.7 · EPSS 0.00148
Exploits 0 · References 2
Positive Technologies
added 2023/05/04 12:0 a.m. · 2 views

PT-2023-18250 · Unknown · Activitymanagerservice

Name of the Vulnerable Software and Affected Versions: ActivityManagerService versions prior to SMR May-2023 Release 1. Description: The issue allows an attacker to utilize a debug function by setting the debug level, potentially exploiting the Active Debug Code vulnerability in...

CVSS 6.1 · AI score 5.5 · EPSS 0.00148
Exploits 0 · References 3
Tenable Nessus
added 2023/04/20 12:0 a.m. · 24 views

Siemens SICAM A8000 Web Server Module Improper Access Control (CVE-2021-46304)

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70C All versions, CP-8000 MASTER MODULE WITH I/O -40/+70C All versions, CP-8021 MASTER MODULE All versions, CP-8022 MASTER MODULE WITH GPRS All versions. The component allows to activate a web server module which provides...

CVSS 7.5 · AI score 7.1 · EPSS 0.00327
Exploits 0 · References 3
F5 Networks
added 2023/02/21 6:58 p.m. · 22 views

K10248311: The apmd process logs clear the text password in an iRule when in debug mode

Security Advisory Description This issue occurs when all of the following conditions are met: You have licensed and provisioned the BIG-IP APM module. You have configured the apmd process to log at the debug level. You have configured the BIG-IP APM virtual server to run an access policy using an...

AI score 6.7
Exploits 0
SUSE CVE
added 2023/02/15 6:22 a.m. · 2 views

SUSE CVE-2001-0168

Buffer overflow in AT&T WinVNC Virtual Network Computing server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0...

CVSS 10 · AI score 8 · EPSS 0.67361
Exploits 3 · References 2
SUSE CVE
added 2023/02/15 6:1 a.m. · 2 views

SUSE CVE-2009-3889

The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file...

CVSS 6.6 · AI score 6.3 · EPSS 0.00091
Exploits 2 · References 7
Atlassian
added 2023/01/05 4:20 a.m. · 22 views

Private key is logged at DEBUG level when accidentally entered into SSH page

When a user uploads their public SSH key, Bitbucket will log the submitted data at DEBUG level if the key is invalid. Unfortunately, if a user mistakenly uploads their private key, this will be logged: noformat username SECO1Qx158x13421x0 3omfyq 123.45.67.89,12.34.56.78 "POST...

AI score 1.3
Exploits 0
NVD
added 2022/08/01 8:15 p.m. · 8 views

CVE-2022-31186

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

CVSS 3.3 · EPSS 0.00056
Exploits 0 · References 4
Prion
added 2022/08/01 8:15 p.m. · 13 views

Information disclosure

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

CVSS 1.7 · AI score 3.8 · EPSS 0.00056
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/08/01 7:25 p.m. · 12 views

CVE-2022-31186 Leakage of excessive information into log in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

CVSS 3.3 · AI score 4.1 · EPSS 0.00056
Exploits 0 · References 6
Cvelist
added 2022/08/01 7:25 p.m. · 10 views

CVE-2022-31186 Leakage of excessive information into log in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...

CVSS 3.3 · AI score 4 · EPSS 0.00056
Exploits 0 · References 4
OSV
added 2022/05/13 1:37 a.m. · 22 views

GHSA-M833-87VF-576C ovirt-engine Logs Plaintext Passwords To File

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

CVSS 6.6 · AI score 6.3 · EPSS 0.00344
Exploits 0 · References 6
GitHub Security Blog
added 2022/05/13 1:37 a.m. · 23 views

ovirt-engine Logs Plaintext Passwords To File

ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to...

CVSS 7.2 · AI score 6.8 · EPSS 0.00344
Exploits 0 · References 6 · Affected Software 1
Oracle Linux
added 2021/08/17 12:0 a.m. · 95 views

sssd security update

2.4.0-9.0.1 - Restore default debug level for sss_cache (Orabug: 32810448) - Restore default debug level for shadow-utils tools (Orabug: 32810448) - Revert Red Hat's change of disallowing duplicated incomplete gid when 'id_provider=ldap' is used, which caused regression in AD environment. Orabug: 292867...

CVSS 9.3 · AI score 1.1 · EPSS 0.00384
Exploits 0
Positive Technologies
added 2021/07/20 12:0 a.m. · 2 views

PT-2021-19916 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.27; TYPO3 versions 10.0.0 through 10.4.17; TYPO3 versions 11.0.0 through 11.3.0. Description: The issue concerns the logging of user credentials in plain text when the log level is set to debug, which is not the...

CVSS 6.5 · AI score 6.3 · EPSS 0.00327
Exploits 0 · References 14
OSV
added 2021/06/29 1:42 p.m. · 6 views

ALBA-2021:2571 sssd bug fix and enhancement update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system ...

AI score 7.2
Exploits 0
AlmaLinux
added 2021/06/29 1:42 p.m. · 18 views

sssd bug fix and enhancement update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system ...

AI score 7.1
Exploits 0