324 matches found
GHSA-V3VC-6QCV-4VRX Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
SUSE CVE-2025-24034
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
CVE-2025-24034
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
CVE-2025-24034 Himmelblau leaks credentials in the debug log
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...
PT-2025-5270 · Microsoft · Intune +1
Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.7.0 through 0.7.14; Himmelblau versions 0.8.0 through 0.8.2. Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debug logging is enabled, user access tokens are inadvertently...
DEBIAN-CVE-2024-47809
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference. This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling...
AZL-56166 CVE-2024-47809 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference. This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling...
CVE-2024-49201
Keyfactor Remote File Orchestrator aka remote-file-orchestrator 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level...
CVE-2024-49201
CVE-2024-49201 affects Keyfactor Remote File Orchestrator (remote-file-orchestrator) before 2.8.1. The issue is information disclosure via debug logging, exposing sensitive data at logging level. Affected version range: 2.8 and earlier; fixed in 2.8.1 (per sources). Impact is information leakage;...
Log Injection
org.apache.nifi, nifi is vulnerable to Log Injection. The vulnerability is due to the optional debug logging feature, which allows an authorized administrator to enable detailed logging of Parameter Context values during flow synchronization...
SUSE-SU-2024:4106-1 Security update for tomcat
This update for tomcat fixes the following issues: - Update to Tomcat 9.0.97 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt + Add:...
CVE-2024-52067
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
CVE-2024-52067 Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causi...
Apache NiFi Log Information Disclosure Vulnerability
Apache NiFi is a data processing and distribution system from the Apache Software Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A log information disclosure vulnerability exists in Apache NiFi versions 1.16.0 to 1.28.0 and 2.0.0-M1 to 2.0.0-M4,...