CWE-779
Logging of Excessive Data
Description
The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36072 | Cri | 0.64 | 9.8 | 0.01 | Jun 27, 2024 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious… | ||
| CVE-2025-8696 | Hig | 0.49 | 7.5 | 0.00 | Sep 10, 2025 | If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0. | ||
| CVE-2026-20210 | Med | 0.35 | 5.4 | 0.00 | May 14, 2026 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because… | ||
| CVE-2026-20209 | Med | 0.35 | 5.4 | 0.00 | May 14, 2026 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability… | ||
| CVE-2025-53636 | Med | 0.28 | 5.4 | 0.00 | Jul 11, 2025 | Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and… | ||
| CVE-2025-69230 | 0.00 | — | 0.00 | Jan 5, 2026 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of… | |||
| CVE-2025-53651 | 0.00 | — | 0.00 | Jul 9, 2025 | Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log. | |||
| CVE-2025-53650 | 0.00 | — | 0.00 | Jul 9, 2025 | Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log. | |||
| CVE-2024-1141 | 0.00 | — | 0.00 | Feb 1, 2024 | A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled. |
- risk 0.64cvss 9.8epss 0.01
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious…
- risk 0.49cvss 7.5epss 0.00
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.
- risk 0.35cvss 5.4epss 0.00
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because…
- risk 0.35cvss 5.4epss 0.00
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability…
- risk 0.28cvss 5.4epss 0.00
Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and…
- CVE-2025-69230Jan 5, 2026risk 0.00cvss —epss 0.00
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of…
- CVE-2025-53651Jul 9, 2025risk 0.00cvss —epss 0.00
Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log.
- CVE-2025-53650Jul 9, 2025risk 0.00cvss —epss 0.00
Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
- CVE-2024-1141Feb 1, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.