324 matches found

OSV
added 2020/06/03 10:2 p.m., 16 views

GHSA-MGH5-4H95-QJ4P Information Exposure in Snyk Broker

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG...

CVSS 7.5 | AI score 7.4 | EPSS 0.00281
Exploits: 0 | References: 3

CVE
added 2020/05/29 9:9 p.m., 92 views

CVE-2020-7654

CVE-2020-7654 affects snyk-broker: all versions before 4.73.1 are vulnerable to information exposure because private keys can be logged when the logger is at DEBUG level. The issue is reported consistently across multiple sources (Red Hat, GHSA, NVD, OSV, CNVD, Veracode, etc.). No additional tech...

CVSS 7.5 | AI score 7.4 | EPSS 0.00281
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/05/29 9:9 p.m., 12 views

CVE-2020-7654

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG...

AI score 7.5 | EPSS 0.00281
Exploits: 0 | References: 2

RedhatCVE
added 2020/04/04 5:3 a.m., 17 views

CVE-2018-5742

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 - bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also ...

CVSS 7.5 | AI score 3.3 | EPSS 0.01301
Exploits: 0 | References: 2

Tenable Nessus
added 2019/12/31 12:0 a.m., 25 views

F5 Networks BIG-IP : BIG-IP APM logging disclosure vulnerability (K37890841)

The BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. CVE-2019-19150 Impact: The BIG-IP APM system logs the client-session-id in the log files and is available to authenticated administrators of the system. C Tenable...

CVSS 4.9 | AI score 5.3 | EPSS 0.00284
Exploits: 0 | References: 2

NVD
added 2019/12/23 6:15 p.m., 12 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

CVSS 4.9 | AI score 5.1 | EPSS 0.00284
Exploits: 0 | References: 1

OSV
added 2019/12/23 6:15 p.m., 2 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 1

Prion
added 2019/12/23 6:15 p.m., 15 views

Code injection

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

CVSS 3.5 | AI score 5.1 | EPSS 0.00284
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2019/12/23 5:35 p.m., 59 views

CVE-2019-19150

The CVE-2019-19150 issue affects BIG-IP APM and causes the system to log the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. Affected versions per published advisories include 15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1, 1...

CVSS 4.9 | AI score 5 | EPSS 0.00284
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/12/23 5:35 p.m., 15 views

CVE-2019-19150

On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled...

AI score 5.2 | EPSS 0.00284
Exploits: 0 | References: 1

Cvelist
added 2019/12/06 8:0 p.m., 12 views

CVE-2019-11293 UAA logs all query parameters with debug logging level

Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters...

CVSS 8.8 | AI score 6.5 | EPSS 0.00539
Exploits: 0 | References: 1

Prion
added 2019/12/05 7:15 p.m., 16 views

Information disclosure

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...

CVSS 2.1 | AI score 6.7 | EPSS 0.00152
Exploits: 0 | References: 5 | Affected Software: 3

UbuntuCve
added 2019/12/05 7:15 p.m., 23 views

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...

CVSS 5.5 | AI score 6.1 | EPSS 0.00152
Exploits: 0 | References: 2

Oracle linux
added 2019/11/14 12:0 a.m., 79 views

yum security, bug fix, and enhancement update

createrepo_c 0.11.0-3 - Backport patch to switch off timestamps on documentation in order to remove file conflicts RhBug:1738788 0.11.0-2 - Consistently produce valid URLs by prepending protocol. RhBug:1632121 - modifyrepo_c: Prevent doubling of compression test.gz.gz RhBug:1639287 - Correct pkg...

CVSS 8.8 | AI score 7.5 | EPSS 0.00912
Exploits: 2

OSV
added 2019/11/08 6:15 p.m., 1 views

CVE-2019-16206

The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information...

CVSS 5.5 | AI score 6.1 | EPSS 0.00023
Exploits: 0 | References: 1

CNVD
added 2019/11/08 12:0 a.m., 4 views

Red Hat Undertow Log Message Disclosure Vulnerability

Red Hat Undertow is a Java-based embedded web server from the U.S. company Red Hat and the default web server of the WildFly Java application server. A log information disclosure vulnerability exists in the DEBUG logging in Red Hat Undertow versions prior to 2.0.20. The vulnerability stems from the abnormal...

CVSS 9.8 | AI score 6.3 | EPSS 0.00448
Exploits: 0 | References: 1

RedHat Linux
added 2019/10/24 9:19 p.m., 2 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

CVSS 7.8 | AI score 7.2 | EPSS 0.00117
Exploits: 0 | References: 4

Akamai Blog
added 2019/10/11 8:0 p.m., 128 views

Introducing Serverless Computing at the Edge with Akamai EdgeWorkers

For the first time, Akamai is introducing an all-new serverless compute capability to help you customize web traffic, expanding the possibilities of personalized engagement with your customers while putting the flexibility and control in the hands of your developers. Developers can now manipulate...

AI score 0.1
Exploits: 0

RedHat Linux
added 2019/10/10 9:54 a.m., 2 views

undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files

A flaw was found in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user’s credentials from the log files...

CVSS 9.8 | AI score 5.7 | EPSS 0.00448
Exploits: 0 | References: 4

OSV
added 2019/10/08 7:15 p.m., 1 views

DEBIAN-CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

CVSS 7.8 | AI score 6.2 | EPSS 0.00117
Exploits: 0 | References: 1