Lucene search

28 matches found

Snyk
added 2026/02/26 3:13 a.m. · 3 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

CVSS 7.7 · AI score 5.9 · EPSS 0.00014
Exploits 0 · References 2

Snyk
added 2026/02/26 3:13 a.m. · 0 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the provider debug logging. An attacker can obtain sensitive information such as passwords, StackScript content, and object storage data by accessing provider debug logs when it is...

CVSS 7.7 · AI score 5.9 · EPSS 0.00014
Exploits 0 · References 2

Positive Technologies
added 2026/02/26 12:0 a.m. · 3 views

PT-2026-22075

Name of the Vulnerable Software and Affected Versions: Terraform Provider for Linode versions prior to 3.9.0. Description: The Terraform Provider for Linode logged sensitive information, including passwords, StackScript content, and object storage data, in debug logs without redaction. This issue is...

CVSS 9.9 · AI score 5.8 · EPSS 0.07313
Exploits 68 · References 146

RedhatCVE
added 2026/01/07 9:41 a.m. · 2 views

CVE-1999-0795

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches...

CVSS 7.5 · AI score 7.6 · EPSS 0.01045
Exploits 0 · References 1

Snyk
added 2025/12/03 4:28 p.m. · 1 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to logging as unsanitized plaintext. An attacker can gain unauthorized access to sensitive information and potentially escalate privileges by accessing unsanitized logs containing...

CVSS 8.5 · AI score 5.5 · EPSS 0.00039
Exploits 1 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-1999-0776

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01045
Exploits 0 · References 2

Github Security Blog
added 2025/08/28 4:46 p.m. · 1 views

Contrast leaks workload secrets to logs on INFO level

This is the same vulnerability as https://github.com/edgelesssys/contrast/security/advisories/GHSA-h5f8-crrq-4pw8. The original vulnerability had been fixed for release v1.8.1, but the fix was not ported to the main branch and thus not present in releases v1.9.0 ff. Below is a brief repetition of...

AI score 6.8
Exploits 0 · References 6 · Affected Software 1

RedhatCVE
added 2025/05/23 4:22 a.m. · 3 views

CVE-2023-48708

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

CVSS 6.5 · AI score 6.7 · EPSS 0.00158
Exploits 0

Positive Technologies
added 2024/12/27 12:0 a.m. · 2 views

PT-2024-9866

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS versions 10.X and 11.X, including Prisma Access. Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious...

CVSS 8.7 · AI score 8.2 · EPSS 0.7972
Exploits 0 · References 111

Positive Technologies
added 2024/08/27 12:0 a.m. · 1 views

PT-2024-8680 · Unknown · Microscada X Sys600

Name of the Vulnerable Software and Affected Versions: MicroSCADA X SYS600 (affected versions not specified). Description: The issue is related to bypassing the authentication procedure in the MicroSCADA X SYS600 system. An attacker with local access to the machine where MicroSCADA X SYS600 is...

CVSS 8.2 · AI score 6.8 · EPSS 0.00061
Exploits 0 · References 11

wpexploit
added 2024/05/31 12:0 a.m. · 122 views

WP Logs Book <= 1.0.1 - Disable Logging via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML file containing:...

AI score 6.6 · EPSS 0.02765
Exploits 2

Positive Technologies
added 2024/04/10 12:0 a.m. · 0 views

PT-2024-5072 · Nozomi · Nozomi Central Management Console +1

Name of the Vulnerable Software and Affected Versions: Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified); OpenAPI (affected versions not specified). Description: The issue is related to insufficient protection of audit records for OpenAPI requests, which may...

CVSS 9 · AI score 6.8 · EPSS 0.0014
Exploits 0 · References 10

Positive Technologies
added 2024/04/09 12:0 a.m. · 1 views

PT-2024-23579 · Unknown · Ros2 Galactic Geochelone

Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions 2. Description: An insecure logging issue allows attackers to obtain sensitive information due to inadequate security measures in the logging mechanisms. Recommendations: For ROS2 Galactic Geochelone version 2...

AI score 6.8
Exploits 0 · References 2

Github Security Blog
added 2023/11/23 12:28 a.m. · 19 views

Insertion of Sensitive Information into Log

Impact: If successful login attempts are recorded, the raw tokens are stored in the log table. If a malicious person somehow views the data in the log table, he or she can obtain a raw token, which can then be used to send a request with that user's authority. When you (1) use the following...

CVSS 6.5 · AI score 6.8 · EPSS 0.00158
Exploits 0 · References 5 · Affected Software 1

SUSE CVE
added 2023/02/15 5:30 a.m. · 1 views

SUSE CVE-2014-1595

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by...

CVSS 2.1 · AI score 7.7 · EPSS 0.00085
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:40 a.m. · 2 views

SUSE CVE-2021-32801

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...

CVSS 5.5 · AI score 5.5 · EPSS 0.00062
Exploits 0 · References 8

NVD
added 2023/01/17 10:15 p.m. · 7 views

CVE-2023-22733

Shopware is an open source commerce platform based on Symfony Framework and Vue.js. In affected versions the log module would write out all kinds of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users' accounts. This issu...

CVSS 6.5 · AI score 4.4 · EPSS 0.003
Exploits 0 · References 4

Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-18675 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware versions prior to 6.4.18.1 Description: The log module in Shopware writes out all kinds of sent mails, potentially allowing an attacker with access to local system logs or a centralized logging store to access other users' accounts...

CVSS 6.5 · AI score 6.4 · EPSS 0.003
Exploits 0 · References 10

OSV
added 2022/10/07 9:15 p.m. · 1 views

DEBIAN-CVE-2022-39285

ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross-site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

CVSS 5.4 · AI score 6.2 · EPSS 0.00863
Exploits 4 · References 1

OSV
added 2022/10/07 9:15 p.m. · 1 views

UBUNTU-CVE-2022-39285

ZoneMinder is a free, open source closed-circuit television software application. The file parameter is vulnerable to a cross-site scripting (XSS) vulnerability by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

CVSS 7.6 · AI score 6.8 · EPSS 0.00863
Exploits 4 · References 3