Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-1258:Exposure of Sensitive System Information Due to Uncleared Debug Information
Weakness ID:1258
Version:v4.17
Weakness Name:Exposure of Sensitive System Information Due to Uncleared Debug Information
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Draft
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
11Vulnerabilities found
CVE-2025-14551
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-2.7||LOW
EPSS-0.04% / 13.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 15:03
Updated-17 Apr, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Senstive information disclosure was affecting subiquity

In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_subiquityUbuntu
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2025-15480
Assigner-Canonical Ltd.
ShareView Details
Assigner-Canonical Ltd.
CVSS Score-2.7||LOW
EPSS-0.05% / 16.06%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 15:02
Updated-17 Apr, 2026 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Senstive information disclosure was affecting ubuntu-desktop-provision

In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.

Action-Not Available
Vendor-Canonical Ltd.
Product-ubuntu_desktop_provisionUbuntu
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2026-26948
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 17.22%
||
7 Day CHG~0.00%
Published-18 Mar, 2026 | 17:40
Updated-19 Mar, 2026 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-Integrated Dell Remote Access Controller
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2025-26482
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.04% / 13.02%
||
7 Day CHG-0.00%
Published-25 Sep, 2025 | 21:11
Updated-16 Jan, 2026 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_t560_firmwarepoweredge_xe8640_firmwarexc_core_xc660poweredge_r7615poweredge_r6415_firmwareemc_xc_core_6420_systempoweredge_xr7620poweredge_c6520_firmwarepoweredge_xe9640poweredge_r6615_firmwarepoweredge_r750xs_firmwarepoweredge_r7725_firmwarepoweredge_r7725emc_xc_core_xc7525poweredge_r760_firmwarepoweredge_r6715poweredge_r860xc_core_xc760xapoweredge_r650_firmwareidrac9poweredge_xe9680poweredge_c6420emc_xc_core_xcxr2poweredge_t440poweredge_hs5610_firmwarepoweredge_xr7620_firmwareemc_storage_nx3240_firmwareemc_xc_core_xc6520_firmwarepoweredge_r6625_firmwarepoweredge_r240_firmwareemc_xc_core_xc650poweredge_r7525poweredge_xe2420emc_xc_core_xc750xa_firmwarepoweredge_xr2_firmwareemc_xc_core_xc940_systempoweredge_r6515poweredge_r760poweredge_r340poweredge_r260poweredge_r840_firmwarepoweredge_r6415poweredge_xr2poweredge_t360poweredge_mx840cemc_xc_core_6420_system_firmwarepoweredge_r250poweredge_xe7420_firmwarepoweredge_r260_firmwarepoweredge_r670_firmwarepoweredge_t340_firmwarepoweredge_t350poweredge_t560poweredge_xr5610poweredge_mx750c_firmwareemc_xc_core_xc740xd_systempoweredge_hs5620_firmwarepoweredge_xr4510c_firmwarepoweredge_c6615_firmwarepoweredge_r940xa_firmwarexc_core_xc760_firmwareemc_xc_core_xc450_firmwareemc_xc_core_xc750poweredge_r940xapoweredge_xr8620tpoweredge_r7625_firmwarepoweredge_xr11_firmwarepoweredge_t350_firmwarepoweredge_r840poweredge_c6525_firmwarepoweredge_mx760cpoweredge_xe9680_firmwarepoweredge_m640_firmwaredss_8440poweredge_xe7440_firmwarepoweredge_r7415_firmwarepoweredge_r6725poweredge_r940_firmwarepoweredge_xr11dss_8440_firmwarepoweredge_hs5620xc_core_xc660xspoweredge_r540_firmwarepoweredge_r640_firmwarepoweredge_r640poweredge_c4140_firmwarepoweredge_r740_firmwarepoweredge_xe8545poweredge_r750xa_firmwarepoweredge_r440_firmwarepoweredge_r740xd2emc_nx440poweredge_xr12_firmwarepoweredge_t140poweredge_r550_firmwarepoweredge_xr8610t_firmwarepoweredge_r240poweredge_r360_firmwarepoweredge_xr8610tpoweredge_r7715emc_xc_core_xc640_system_firmwarepoweredge_r750xspoweredge_xe7440poweredge_r7515_firmwarepoweredge_r7515poweredge_r770poweredge_r470_firmwarepoweredge_r350_firmwarepoweredge_t360_firmwarepoweredge_r960_firmwarepoweredge_r660poweredge_r940poweredge_r7525_firmwarepoweredge_xe8640xc_core_xc7625poweredge_r650xs_firmwarexc_core_xc660_firmwarepoweredge_r750_firmwarepoweredge_xe9680lpoweredge_mx760c_firmwarepoweredge_r760xs_firmwareemc_nx440_firmwarepoweredge_xr5610_firmwarepoweredge_r770_firmwarepoweredge_r740poweredge_c6420_firmwarepoweredge_r470emc_storage_nx3340poweredge_r6625poweredge_r760xd2poweredge_r750xapoweredge_c6620_firmwarepoweredge_r340_firmwarexc_core_xc760poweredge_c6620poweredge_r7425poweredge_r360emc_storage_nx3240emc_xc_core_xc450poweredge_r440poweredge_xr12poweredge_xe9680l_firmwareidrac9_firmwarepoweredge_r570poweredge_r540poweredge_t160poweredge_r740xdpoweredge_mx740c_firmwarepoweredge_r650xsemc_xc_core_xc750xapoweredge_r7615_firmwarepoweredge_mx840c_firmwarepoweredge_r350poweredge_r860_firmwarepoweredge_r6515_firmwarepoweredge_t550poweredge_r450_firmwarexc_core_xc7625_firmwarepoweredge_r660xs_firmwarepoweredge_mx750cpoweredge_r550poweredge_hs5610poweredge_t640_firmwareemc_xc_core_xc740xd_system_firmwarepoweredge_r760xd2_firmwarepoweredge_r760xa_firmwarepoweredge_r7715_firmwarepoweredge_t140_firmwarepoweredge_c6615poweredge_r6615emc_xc_core_xcxr2_firmwarepoweredge_r650poweredge_r6525_firmwareemc_xc_core_xc740xd2poweredge_c4140poweredge_t340poweredge_r960emc_xc_core_xc940_system_firmwarepoweredge_fc640emc_xc_core_xc650_firmwarepoweredge_r760xapoweredge_r7415poweredge_t640poweredge_xe9640_firmwarepoweredge_xe7420emc_xc_core_xc740xd2_firmwarexc_core_xc760xa_firmwarepoweredge_xr4520cpoweredge_c6520poweredge_r6525poweredge_xr4510cemc_storage_nx3340_firmwarepoweredge_r660_firmwarepoweredge_mx740cpoweredge_xe8545_firmwarepoweredge_t440_firmwarepoweredge_r6725_firmwareemc_xc_core_xc750_firmwarepoweredge_t150poweredge_xe2420_firmwarepoweredge_r7625poweredge_r250_firmwarexc_core_xc660xs_firmwarepoweredge_r450poweredge_r570_firmwarepoweredge_t550_firmwarepoweredge_t150_firmwarepoweredge_r6715_firmwarepoweredge_r740xd_firmwareemc_xc_core_xc7525_firmwareemc_xc_core_xc640_systempoweredge_t160_firmwarepoweredge_r760xspoweredge_xr4520c_firmwarepoweredge_m640poweredge_r740xd2_firmwarepoweredge_r750poweredge_r660xsemc_xc_core_xc6520poweredge_c6525poweredge_fc640_firmwarepoweredge_xr8620t_firmwarepoweredge_r670poweredge_r7425_firmwarePowerEdge XR7620PowerEdge R860iDRAC9PowerEdge XR11PowerEdge R450PowerEdge XE8640PowerEdge R570Dell EMC XC Core XC940 SystemPowerEdge R760xaPowerEdge XR8620tPowerEdge T140PowerEdge XE7420PowerEdge XR2Dell EMC Storage NX3240PowerEdge R750XSPowerEdge R7715Dell EMC XC Core XC6520PowerEdge R6525PowerEdge M640PowerEdge R770PowerEdge R940XADell EMC XC Core XCXR2DSS 8440PowerEdge C4140PowerEdge HS5620PowerEdge R650Dell EMC Storage NX3340PowerEdge HS5610PowerEdge XR5610PowerEdge R7525Dell EMC XC Core XC740xd2PowerEdge R540Dell XC Core XC760PowerEdge C6620Dell EMC XC Core XC740xd SystemPowerEdge R760xd2Dell EMC XC Core XC7525PowerEdge R660PowerEdge T350PowerEdge R7515PowerEdge R740XDPowerEdge R760Dell EMC XC Core XC450PowerEdge C6525PowerEdge T640Dell XC Core XC660PowerEdge R960Dell EMC XC Core XC640 SystemPowerEdge T340PowerEdge R7725PowerEdge R240PowerEdge T550PowerEdge R6615PowerEdge R6725PowerEdge T560PowerEdge T440Dell XC Core XC660xsPowerEdge XE9680PowerEdge R7625PowerEdge XE9640PowerEdge XE8545PowerEdge R760xsPowerEdge XE9680LPowerEdge R550PowerEdge C6615PowerEdge FC640Dell EMC NX440Dell EMC XC Core XC750xaPowerEdge R650XSPowerEdge R940PowerEdge XR8610tPowerEdge R360PowerEdge MX760cPowerEdge R250PowerEdge T150PowerEdge MX740CPowerEdge R6515PowerEdge R660xsPowerEdge R7425PowerEdge R6415PowerEdge M640 (for PE VRTX)PowerEdge C6520PowerEdge R640PowerEdge XE2420PowerEdge XR4520cDell EMC XC Core 6420 SystemPowerEdge XE7440PowerEdge R750XAPowerEdge R440PowerEdge R6625Dell XC Core XC760xaPowerEdge R840PowerEdge XR4510cPowerEdge R470PowerEdge R670PowerEdge R350PowerEdge R750PowerEdge R6715PowerEdge XR12PowerEdge C6420PowerEdge T360Dell EMC XC Core XC650PowerEdge T160PowerEdge MX840CPowerEdge R340PowerEdge R7615PowerEdge R740XD2PowerEdge MX750CPowerEdge R740Dell EMC XC Core XC750PowerEdge R260PowerEdge R7415Dell XC Core XC7625
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2025-32257
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-1.01% / 77.19%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:59
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7.

Action-Not Available
Vendor-1clickmigration
Product-1 Click WordPress Migration
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2024-36913
Assigner-kernel.org
ShareView Details
Assigner-kernel.org
CVSS Score-8.1||HIGH
EPSS-0.04% / 12.56%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 15:29
Updated-14 Nov, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxLinuxlinux_kernel
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2024-36912
Assigner-kernel.org
ShareView Details
Assigner-kernel.org
CVSS Score-8.1||HIGH
EPSS-0.05% / 13.81%
||
7 Day CHG~0.00%
Published-30 May, 2024 | 15:29
Updated-18 Nov, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. In order to make sure callers of vmbus_establish_gpadl() and vmbus_teardown_gpadl() don't return decrypted/shared pages to allocators, add a field in struct vmbus_gpadl to keep track of the decryption status of the buffers. This will allow the callers to know if they should free or leak the pages.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2023-48308
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.27% / 50.28%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 23:12
Updated-27 Nov, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Calendar app returns full stacktrace when an error happens while editing appointment

Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3

Action-Not Available
Vendor-Nextcloud GmbH
Product-calendarsecurity-advisories
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-43666
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-3.3||LOW
EPSS-0.10% / 26.16%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2022-39292
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.39% / 60.14%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exposure of sensitive Slack webhook URLs in debug logs and traces

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs.

Action-Not Available
Vendor-slack_morphism_projectabdolence
Product-slack_morphismslack-morphism-rust
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CVE-2022-31162
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.62%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 13:20
Updated-23 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs

Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive information in application logs. As a workaround, do not print/output requests and responses for OAuth and client configurations in logs.

Action-Not Available
Vendor-slack_morphism_projectabdolence
Product-slack_morphismslack-morphism-rust
CWE ID-CWE-1258
Exposure of Sensitive System Information Due to Uncleared Debug Information
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer