321 matches found

RedhatCVE
added 2025/05/23 6:26 a.m., 2 views

CVE-2024-49201

Keyfactor Remote File Orchestrator aka remote-file-orchestrator 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level...

CVSS 4.3, AI score 6.5, EPSS 0.00223
Exploits 0, References 1

RedhatCVE
added 2025/05/23 3:11 a.m., 1 view

CVE-2023-23591

The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1...

CVSS 4.9, AI score 6.5, EPSS 0.00311
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:25 a.m., 2 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

CVSS 4.9, AI score 6.8, EPSS 0.00284
Exploits 0, References 1

RedhatCVE
added 2025/05/22 6:37 a.m., 3 views

CVE-2018-20870

The WebDAV transport feature in cPanel before 76.0.8 enables debug logging SEC-467...

CVSS 5.5, AI score 7, EPSS 0.00082
Exploits 0, References 1

RedhatCVE
added 2025/05/22 5:49 a.m., 3 views

CVE-2013-3287

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console...

CVSS 1.9, AI score 7.2, EPSS 0.00057
Exploits 0, References 1

RedhatCVE
added 2025/05/22 5:22 a.m., 2 views

CVE-2019-6648

On version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service CIS for Kubernetes and Red Hat OpenShift k8s-bigip-ctlr log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration...

CVSS 4.4, AI score 7, EPSS 0.00109
Exploits 0, References 1

RedHat Linux
added 2025/05/05 12:13 a.m., 5 views

xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr

A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...

CVSS 7.5, AI score 7.3, EPSS 0.00642
Exploits 0, References 4

Veracode
added 2025/04/18 5:41 a.m., 6 views

Insertion Of Sensitive Information Into Log Files

org.apache.activemq:artemis-project is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improper handling of sensitive data in debug logging and the ConfigurationImpl logger exposing all broker property values, including credentials or tokens. It allows ...

CVSS 6.8, AI score 6.2, EPSS 0.00214
Exploits 0, References 4, Affected Software 4

Snyk
added 2025/04/09 3:32 p.m., 3 views

Insertion of Sensitive Information into Log File

Overview org.apache.activemq:artemis-core-client is a High-performance, non-blocking architecture for the next generation of event-driven messaging applications. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File when the ConfigurationImpl logger ...

CVSS 6.8, AI score 6.8, EPSS 0.00214
Exploits 0, References 2

Positive Technologies
added 2025/03/24 12:0 a.m., 2 views

PT-2025-29014

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's wifi subsystem, specifically within the ath12k driver. A null access issue occurs in the assign channel context handler when ath12k mac assign vif t...

CVSS 7.8, AI score 7.8, EPSS 0.00307
Exploits 8, References 569

RedhatCVE
added 2025/03/15 7:36 p.m., 18 views

CVE-2025-27496

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption...

CVSS 3.3, AI score 7.1, EPSS 0.00114
Exploits 0, References 1

CVE
added 2025/03/13 7:1 p.m., 250 views

CVE-2025-27496

Summary: CVE-2025-27496 affects Snowflake JDBC Driver versions 3.0.13–3.23.0. When logging level is DEBUG, the driver locally logs the client-side encryption master key of the target stage during GET/PUT, exposing a sensitive key through logs. The issue is not logged server-side and does not by i...

CVSS 3.3, AI score 3.9, EPSS 0.00114
Exploits 0, References 2, Affected Software 1

Snyk
added 2025/03/13 6:57 p.m., 1 view

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. When the logging level is set to DEBUG, the client-side encryption master key of the target stage is logged locally in a JSON object under the queryStageMasterKey key during the executio...

CVSS 4.8, AI score 6.9, EPSS 0.00114
Exploits 0, References 2

OSV
added 2025/03/13 6:57 p.m., 0 views

GHSA-Q298-375F-5Q63 Snowflake JDBC Driver client-side encryption key in DEBUG logs

Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC driver “Driver”. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not...

CVSS 3.3, AI score 6.1, EPSS 0.00114
Exploits 0, References 4

CNNVD
added 2025/03/13 12:0 a.m., 2 views

Snowflake JDBC Driver Log Information Disclosure Vulnerability

Snowflake JDBC Driver is an open source Snowflake JDBC driver from Snowflake Computing. A log information disclosure vulnerability exists in Snowflake JDBC Driver versions 3.0.13 through 3.23.0, which stems from the Driver locally logging the client-side encryption master key for the target phase...

CVSS 3.3, AI score 7, EPSS 0.00114
Exploits 0, References 4

OSV
added 2025/02/26 7:1 a.m., 1 view

DEBIAN-CVE-2022-49300

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbd_alloc_config and module removal. When the nbd module is being removed, nbd_alloc_config may be called concurrently by nbd_genl_connect; although try_module_get will return false, nbd_alloc_config doesn't handle it...

CVSS 4.7, AI score 5.3, EPSS 0.00007
Exploits 0, References 1

Github Security Blog
added 2025/02/11 6:31 p.m., 14 views

Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...

CVSS 6.9, AI score 5, EPSS 0.00037
Exploits 0, References 7, Affected Software 1

OSV
added 2025/02/11 6:31 p.m., 0 views

GHSA-V3VC-6QCV-4VRX Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...

CVSS 6.9, AI score 5.9, EPSS 0.00037
Exploits 0, References 7

SUSE CVE
added 2025/01/25 3:46 a.m., 1 view

SUSE CVE-2025-24034

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...

CVSS 3.2, AI score 7, EPSS 0.00041
Exploits 0, References 3

NVD
added 2025/01/23 6:15 p.m., 7 views

CVE-2025-24034

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...

CVSS 3.2, EPSS 0.00041
Exploits 0, References 6