CVEbaza.plSłownik CWECWE-779
Common Weakness Enumeration

CWE-779

Logging of Excessive Data

Kategoria: BaseCVE: 20
Opis

Produkt rejestruje zbyt wiele informacji, co sprawia, że pliki dziennika są trudne do przetwarzania i może utrudniać odzyskiwanie danych lub analizę śledczą po ataku. Nadmierna ilość logów może prowadzić do problemów z wydajnością systemu i utrudnić identyfikację istotnych zdarzeń bezpieczeństwa.

Description (EN)

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

Podatności CVE z CWE-779 (20)
9.8
CVSS
CRITICAL
CVE-2024-36072

Krytyczna podatność klasy RCE w serwerowej aplikacji Netwrix CoSoSys Endpoint Protector (do wersji 5.9.3) oraz CoSoSys Unify (do wersji 7.0.6) umożliwia nieuwierzytelnionemu atakującemu zdalne wykonanie poleceń systemowych. Zagrożenie jest szczególnie poważne, ponieważ nie wymaga żadnych uprawnień ani interakcji użytkownika.

pub. 2024-06-27
8.6
CVSS
HIGH
CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

pub. 2024-06-10
7.5
CVSS
HIGH
CVE-2026-28718

Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

pub. 2026-03-06
7.5
CVSS
HIGH
CVE-2025-8696

If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.

pub. 2025-09-10
7.5
CVSS
HIGH
CVE-2024-55628

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8.

pub. 2025-01-06
7.5
CVSS
HIGH
CVE-2022-31004

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch.

pub. 2022-06-02
5.5
CVSS
MEDIUM
CVE-2024-1141

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

pub. 2024-02-01
5.5
CVSS
MEDIUM
CVE-2022-22291

Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.

pub. 2022-02-11
5.5
CVSS
MEDIUM
CVE-2021-25420

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

pub. 2021-06-11
5.5
CVSS
MEDIUM
CVE-2021-25421

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

pub. 2021-06-11
5.5
CVSS
MEDIUM
CVE-2021-25422

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

pub. 2021-06-11
5.5
CVSS
MEDIUM
CVE-2021-25423

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

pub. 2021-06-11
5.4
CVSS
MEDIUM
CVE-2026-20209

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

pub. 2026-05-14
5.4
CVSS
MEDIUM
CVE-2026-20210

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.

pub. 2026-05-14
5.4
CVSS
MEDIUM
CVE-2025-51397

A stored cross-site scripting (XSS) vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists.

pub. 2025-07-21
5.4
CVSS
MEDIUM
CVE-2025-53636

Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

pub. 2025-07-11
5.4
CVSS
MEDIUM
CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

pub. 2023-01-26
4.3
CVSS
MEDIUM
CVE-2022-25779

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7.

pub. 2022-05-04
4.0
CVSS
MEDIUM
CVE-2022-39874

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

pub. 2022-10-07
2.7
CVSS
LOW
CVE-2025-69230

AIOHTTP to asynchroniczny framework HTTP client/server dla asyncio i Python. W wersjach 3.13.2 i starszych odczytanie wielu nieprawidłowych cookies może prowadzić do burzy logowania. Jeśli atrybut cookies jest dostępny w aplikacji, atakujący może wyzwolić lawinę logów na poziomie ostrzeżenia, używając specjalnie spreparowanego nagłówka Cookie. Problem został naprawiony w wersji 3.13.3.

pub. 2026-01-06
Informacje
ID: CWE-779
Typ: Base
Podatności: 20
MITRE CWE ↗
← Słownik CWE