
15 matches found

RedhatCVE
added 2026/02/04 3:15 a.m. · 4 views

CVE-2025-12772

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

CVSS 8.5 · AI score 8.4 · EPSS 0.00015
Exploits: 0 · References: 1

Positive Technologies
added 2026/02/02 12:0 a.m. · 4 views

PT-2026-5696

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.4.0b Description: Brocade SANnav before version 2.4.0b improperly handles logging of the Brocade Fabric OS Switch admin password. The password is logged in clear text within the SANnav support save logs...

CVSS 8.5 · AI score 8.3 · EPSS 0.00015
Exploits: 0 · References: 4

CISA KEV Catalog
added 2026/01/22 12:0 a.m. · 9 views

Versa Concerto Improper Authentication Vulnerability

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs...

CVSS 9.2 · AI score 5.5 · EPSS 0.71079
In wild · Exploits: 1

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-16087

Malicious code in bioql PyPI...

CVSS 9.2 · AI score 9.3 · EPSS 0.71079
Exploits: 1 · References: 1

NVD
added 2025/05/28 5:15 p.m. · 11 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

CVSS 4 · EPSS 0.08289
Exploits: 0 · References: 2

NVD
added 2025/05/21 10:15 p.m. · 15 views

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is kno...

CVSS 9.2 · EPSS 0.71079
Exploits: 1 · References: 3

OSV
added 2025/05/21 10:15 p.m. · 3 views

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is kno...

CVSS 7.5 · AI score 7.5 · EPSS 0.71079
Exploits: 1 · References: 3

Positive Technologies
added 2025/05/21 12:0 a.m. · 3 views

PT-2025-22440

Name of the Vulnerable Software and Affected Versions: Versa Concerto versions 12.1.2 through 12.2.0 Description: The Versa Concerto SD-WAN orchestration platform has an authentication bypass issue in the Traefik reverse proxy configuration. This allows an attacker to access administrative endpoint...

CVSS 9.2 · AI score 7.5 · EPSS 0.71079
Exploits: 1 · References: 30

Fedora
added 2024/03/07 10:33 p.m. · 17 views

[SECURITY] Fedora 40 Update: jol-0.17-5.fc40

JOL (Java Object Layout) is a tiny toolbox to analyze Java object layouts. These tools use Unsafe, JVMTI, and Serviceability Agent (SA) heavily to decode the actual object layout, footprint, and references. This makes JOL much more accurate than other tools relying on heap dumps, specification...

CVSS 8.8 · AI score 6.8 · EPSS 0.45835
Exploits: 3

OSV
added 2023/01/20 6:15 p.m. · 3 views

CVE-2022-38112

In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext...

CVSS 7.5 · AI score 5.8 · EPSS 0.00788
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/20 12:0 a.m. · 3 views

PT-2023-13593 · Dpa · Dpa

Name of the Vulnerable Software and Affected Versions: DPA versions 2022.4 and earlier Description: The issue concerns generated heap memory dumps that contain sensitive information in cleartext. Recommendations: For DPA versions 2022.4 and earlier, at the moment, there is no information about a...

CVSS 7.5 · AI score 7.4 · EPSS 0.00788
Exploits: 0 · References: 4

OSV
added 2021/10/06 3:15 p.m. · 1 view

CVE-2021-0693

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5 · AI score 5.9 · EPSS 0.00017
Exploits: 0 · References: 1

Prion
added 2021/10/06 3:15 p.m. · 18 views

Heap overflow

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVSS 2.1 · AI score 5.2 · EPSS 0.00017
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/10/06 2:11 p.m. · 104 views

CVE-2021-0693

CVE-2021-0693 pertains to Android 11 and involves the HeapDumpProvider.java openFile path, where an unprotected provider could allow retrieving generated heap dumps from debuggable apps. This creates a local information disclosure risk without requiring privileges or user interaction. The vulnera...

CVSS 5.5 · AI score 5.1 · EPSS 0.00017
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/10/06 2:11 p.m. · 15 views

CVE-2021-0693

In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

AI score 5.4 · EPSS 0.00017
Exploits: 0 · References: 1