16 matches found
Incorrect Type Conversion or Cast
Overview: loggingredactor is a package that redacts data in logs based on regex filters and keys. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the RedactingFilter.redact method, which converts all datatypes to string. An attacker can cause type errors and disrupt...
CLSA-2025-1764281284 squid: Fix of CVE-2025-62168
CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - email_err_data directive now defaults to 'off' for security (previously 'on')...
CLSA-2025-1764151964 squid: Fix of CVE-2025-62168
CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure - email_err_data directive now defaults to 'off' for security (previously 'on')...
CLSA-2025-1763543346 squid: Fix of CVE-2025-62168
CVE-2025-62168: Fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...
CLSA-2025-1763024537 squid: Fix of CVE-2025-62168
CVE-2025-62168: fix failure to redact HTTP authentication credentials in error handling to prevent information disclosure...
Insertion of Sensitive Information into Log File
Overview: local-deep-research is an AI-powered research assistant with deep, iterative analysis using LLMs and web searches. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the logging of sensitive configuration data by the startresearch...
CVE-2024-47805
Jenkins Credentials Plugin 1380.va435002fa924 and earlier, except 1371.1373.v4ebfab7161e9, does not redact encrypted values of credentials using the SecretBytes type when accessing item config.xml via REST API or CLI...
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Summary: The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...
Unredacting Pixelated Text
Experiments in unredacting text that has been pixelated...
CVE-2022-30350
Avanquest Software RAD PDF PDFEscape Online 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying tex...
Design/Logic Flaw
Avanquest Software RAD PDF PDFEscape Online 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying tex...
Code injection
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
CVE-2022-36059
matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...
Improper beacon events in matrix-js-sdk can result in availability issues
Impact: Improperly formed beacon events from MSC3488 can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data...
DEBIAN-CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...
GHSA-WM2R-RP98-8PMH Exposure of SSH credentials in Rancher/Fleet
Impact: This vulnerability only affects customers using Fleet for continuous delivery with authenticated Git and/or Helm repositories. A security vulnerability CVE-2022-29810 was discovered in go-getter library in versions prior to v1.5.11 that exposes SSH private keys in base64 format due to a...