Vulnerabilities (CVE)

Filtered by CWE-1295
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45784 2024-11-21 N/A 7.5 HIGH
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.
CVE-2024-38516 2024-11-21 N/A 8.8 HIGH
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
CVE-2024-27179 2024-11-21 N/A 4.7 MEDIUM
Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL.
CVE-2023-5392 2024-11-21 N/A 7.5 HIGH
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-4215 1 Advantech 1 Webaccess 2024-11-21 N/A 6.5 MEDIUM
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
CVE-2023-28077 1 Dell 1 Bsafe Ssl-j 2024-11-21 N/A 4.4 MEDIUM
Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 contain a debug message revealing unnecessary information vulnerability. This may lead to disclosing sensitive information to a locally privileged user.
CVE-2024-11217 2024-11-18 N/A 4.9 MEDIUM
A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug higher for OIDC/GitHub/GitLab/Google IDPs login options.