49 matches found
CVE-2013-3273
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file...
kernel: wifi: iwlwifi: mvm: don't read past the mfuart notifcation
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the...
CVE-2023-30610 AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...
PT-2023-3900 · Amazon · Aws-Sigv4
Name of the Vulnerable Software and Affected Versions: aws-sigv4 versions prior to 0.55.1 aws-sigv4 version 0.54.2 aws-sigv4 version 0.53.2 aws-sigv4 version 0.52.1 aws-sigv4 version 0.51.1 aws-sigv4 version 0.50.1 aws-sigv4 version 0.49.1 aws-sigv4 version 0.48.1 aws-sigv4 version 0.47.1 aws-sig...
SUSE CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure formerly elasticsearch-cloud-azure plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged...
SUSE CVE-2020-11019
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOGTRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0...
SUSE CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...
Etl-Parser - Event Trace Log File Parser In Pure Python
Event Trace Log file reader in pure Python etl-parser is a pure Python 3 parser library for ETL Windows log files. ETL is the default format for ETW as well as the default format for the Kernel logger. etl-parser has no system dependencies, and will work well on both Windows and Linux. Since this...
CVE-2020-15380
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level...
Design/Logic Flaw
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level...
CVE-2020-15380
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level...
httpd: mod_http2 concurrent pool usage
A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by modhttp2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...
BSA-2021-1482
Security Advisory ID : BSA-2021-1482 Component : Logging Revision : 1.0 Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. Affected Products Brocade SANnav versions before SANnav 2.1.1...
ALPINE-CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...
CVE-2019-16206
The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information...
IBM Spectrum Protect Server Information Disclosure Vulnerability
IBM Spectrum Protect Server is a suite of data protection platforms from IBM in the United States that provide organizations with a single point of control and management and support for backup and recovery of virtual, physical and cloud environments of all sizes. A security vulnerability exists ...
CVE-2018-3827
A sensitive data disclosure flaw was found in the Elasticsearch repository-azure formerly elasticsearch-cloud-azure plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged...
CVE-2015-1849
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform EAP before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled...
Cross site scripting
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform EAP before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled...
CVE-2015-1849
AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform EAP before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled...