
50 matches found

Veracode
added 2026/04/11 5:22 a.m. | 2 views

Improper Output Handling

Apache Log4j is vulnerable to Improper Output Handling. The vulnerability is due to JsonTemplateLayout generating invalid JSON when processing non-finite floating-point values (e.g., NaN, Infinity), which are not compliant with RFC 8259, allowing attacker-controlled data in log events to produce...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00055
Exploits: 0 | References: 8 | Affected Software: 1
CNNVD
added 2026/02/20 12:0 a.m. | 2 views

openITCOCKPIT Code Issue Vulnerability

openITCOCKPIT is an open-source system monitoring software. Versions of openITCOCKPIT 5.3.1 and earlier have code vulnerabilities. These vulnerabilities stem from unsafe PHP deserialization patterns when processing change log entries, which may lead to potential PHP object injection vulnerabiliti...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.0032
Exploits: 1 | References: 3
Vulnrichment
added 2026/02/17 6:49 p.m. | 2 views

CVE-2025-12755 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29 and IBM‑supplied MQ Advanced container images across affected SC2, CD, and LTS 9.3.x–9.4.x releases contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized...

CVSS: 4 | AI score: 5.5 | EPSS: 0.00017
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:34 a.m. | 12 views

CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)...

CVSS: 2.5 | AI score: 6.9 | EPSS: 0.00066
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:32 a.m. | 3 views

CVE-2017-18423

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273)...

CVSS: 3.3 | AI score: 7 | EPSS: 0.00066
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:7 a.m. | 5 views

CVE-2019-20496

cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532)...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00134
Exploits: 0 | References: 1
CVE
added 2025/11/26 10:57 p.m. | 12 views

CVE-2025-64333

CVE-2025-64333: Suricata before 7.0.13 and 8.0.2 can overflow the stack when logging a large HTTP content type; patched in 7.0.13/8.0.2. Workarounds include limiting stream.reassembly.depth to less than half the stack size; increasing the process stack size reduces the likelihood of triggering the overflow.

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00076
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm News
added 2025/10/18 12:0 a.m. | 3 views

Structuring Security: A Survey of Cybersecurity Ontologies, Semantic Log Processing, and LLMs Application

This survey investigates how ontologies, semantic log processing, and Large Language Models (LLMs) enhance cybersecurity. Ontologies structure domain knowledge, enabling interoperability, data integration, and advanced threat analysis. Security logs, though critical, are often unstructured and...

AI score: 6.8
Exploits: 0
RedhatCVE
added 2025/10/10 7:17 p.m. | 8 views

CVE-2025-27040

Information disclosure may occur while processing the hypervisor log...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00021
Exploits: 0 | References: 1
CVE
added 2025/10/09 3:17 a.m. | 6 views

CVE-2025-27040

CVE-2025-27040 affects Qualcomm TZ Firmware in chipsets; root cause is improper input validation when processing hypervisor logs, leading to information disclosure (confidentiality impact). Reported across Red Hat/NVD/CVE listings with no confirmed exploit details. Some sources note no public fix...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00021
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/10/09 3:17 a.m. | 3 views

EUVD-2025-33243

Information disclosure may occur while processing the hypervisor log...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00021
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-9539

Malware in sbrugna...

CVSS: 3.3 | AI score: 4.2 | EPSS: 0.00066
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-11040

Malware in sbrugna...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00134
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-9544

Malware in sbrugna...

CVSS: 2.5 | AI score: 3.8 | EPSS: 0.00066
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-19112

Malicious code in bioql PyPI...

CVSS: 4.5 | AI score: 6.3 | EPSS: 0.00069
Exploits: 0 | References: 8
OSV
added 2025/06/25 4:54 p.m. | 4 views

CVE-2025-52893 OpenBao May Leak Sensitive Information in Logs When Processing Malformed Data

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate from the earlier HCSEC-2025-09 / CVE-2025-4166. Th...

CVSS: 4.5 | AI score: 4.4 | EPSS: 0.00069
Exploits: 0 | References: 8
Fedora
added 2025/05/17 2:2 a.m. | 8 views

[SECURITY] Fedora 42 Update: syslog-ng-4.8.2-1.fc42

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages; work with any kind of unstructured data; receive and...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00507
Exploits: 1
Fedora
added 2025/05/17 1:43 a.m. | 11 views

[SECURITY] Fedora 41 Update: syslog-ng-4.8.2-1.fc41

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages; work with any kind of unstructured data; receive and...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00507
Exploits: 1
CNNVD
added 2025/04/04 12:0 a.m. | 2 views

Fluent Bit Security Vulnerability

Fluent Bit is an open source log processing and analyzing system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit version 3.7.2, which stems from a flaw in the consumeevent function that could lead to a denial of service...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00269
Exploits: 1 | References: 1
SUSE CVE
added 2023/02/15 5:53 a.m. | 1 view

SUSE CVE-2011-1488

A memory leak in rsyslog before 5.7.6 was found in the way daemon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00153
Exploits: 1 | References: 5