51 matches found
LabF Axessh Security Vulnerability
LabF Axessh is a security terminal client software developed by LabF Corporation. Version 4.2 of LabF Axessh contains a security vulnerability. This vulnerability stems from a log configuration that exposes a denial-of-service vulnerability, which could allow local attackers to cause the...
Insertion of Sensitive Information into Log File
Overview: org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via logging...
CVE-2026-2853
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated...
CVE-2025-64348
CVE-2025-64348 affects ELOG (ELOG
EUVD-2017-18209
Malware in sbrugna...
EUVD-2021-14870
Malware in sbrugna...
EUVD-2024-20845
Malicious code in bioql PyPI...
httpd: insufficient escaping of user-supplied data in mod_ssl
A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...
ALPINE-CVE-2024-47252
Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables...
Snowflake snowflake-connector-nodejs Security Vulnerability
Snowflake snowflake-connector-nodejs is a Snowflake connector for NODEJS from Snowflake, Inc. A security vulnerability exists in Snowflake snowflake-connector-nodejs versions prior to 1.10.0 through 2.0.4, which stems from a TOCTOU race condition that could result in log configuration bein...
Snowflake gosnowflake Security Vulnerability
Snowflake gosnowflake is a golang implementation of the id issuer from Snowflake USA. A security vulnerability exists in Snowflake gosnowflake versions prior to 1.7.0 through 1.13.3, which stems from a TOCTOU race condition that could result in log configuration being overwritten...
CVE-2025-25294
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2025-25294 Envoy Gateway Log Injection Vulnerability
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...
CVE-2025-24884 kube-audit-rest's example logging configuration could disclose secret values in the audit log
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16...
ansible-core: possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as...
CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When th...