54 matches found
Astra Linux - уязвимость в qemu
A flaw was discovered in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can result in the callback being fired later, thereby causing a use-after-free when using the channel. This vulnerability can be exploited by a malicious...
Sensitive Information Disclosure
Apache Kafka is vulnerable to Sensitive Information Disclosure. The vulnerability is due to logging of sensitive request and response data at DEBUG level in the NetworkClient component, which allows an attacker with log access to obtain sensitive information...
BIT-KAFKA-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
GHSA-WF66-MPHR-4C4R Apache Kafka exposes sensitive information in its DEBUG logs
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558
CVE-2026-33558 affects Apache Kafka: the NetworkClient logs sensitive information at DEBUG level, exposing full requests/responses for certain APIs (AlterConfigsRequest, AlterUserScramCredentialsRequest, ExpireDelegationTokenRequest, IncrementalAlterConfigsRequest, RenewDelegationTokenRequest, Sa...
CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
PT-2026-33644
Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...
EUVD-2008-5024
Malware in sbrugna...
EUVD-2015-1904
Malware in sbrugna...
EUVD-2022-37743
Malicious code in bioql PyPI...
Shenzhen Libituo Technology LBT-T300-T400 安全漏洞
The Shenzhen Libituo Technology LBT-T300-T400 is an industrial router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-T400 v.3.2, which is caused by a buffer overflow vulnerability that can be exploited by a local attacker to...
CVE-2022-34837
Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon...
Debian DLA-2786-1 : nghttp2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2786 advisory. - nghttp2 version = 1.10.0 and nghttp2 = 1.31.1. CVE-2018-1000168 - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial ...
GHSA-H7QH-3H6F-W79P Unexpected panic in multihash
In versions prior 0.11.3 it's possible to make fromslice panic by feeding it certain malformed input. It's never documented that fromslice and frombytes which wraps it can panic, and its' return type Result suggests otherwise. In practice, fromslice/frombytes is frequently used in networking code...
DLL Hijacking Vulnerability in Tianyi Campus Network Client
Sky Campus Network Client is a campus broadband connection tool for students. A DLL hijacking vulnerability exists in Tianyi Campus Network Client, which can be exploited by attackers to gain server control privileges...
Unexpected panic in multihash `from_slice` parsing code
In versions prior 0.11.3 it's possible to make fromslice panic by feeding it certain malformed input. It's never documented that fromslice and frombytes which wraps it can panic, and its' return type Result suggests otherwise. In practice, fromslice/frombytes is frequently used in networking code...
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows...
CVE-2018-1000168
nghttp2 version = 1.10.0 and nghttp2 = 1.31.1...