Total: 863 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-21316 | | | 2025-01-15 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2025-21318 | | | 2025-01-15 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2025-21319 | | | 2025-01-15 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2025-21320 | | | 2025-01-15 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2025-21321 | | | 2025-01-15 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2024-55891 | | | 2025-01-15 | 3.1 Low |
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | ||||
CVE-2024-12569 | | | 2025-01-15 | 7.8 High |
Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | ||||
CVE-2025-21323 | | | 2025-01-15 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2025-21317 | | | 2025-01-15 | 5.5 Medium |
Windows Kernel Memory Information Disclosure Vulnerability | ||||
CVE-2023-28351 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 3.3 Low |
An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim. | ||||
CVE-2024-8775 | 1 Redhat | 4 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 1 more | 2025-01-10 | 5.5 Medium |
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. | ||||
CVE-2024-28186 | 1 Freescout | 1 Freescout | 2025-01-10 | 7.1 High |
FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the `/conversation/ajax-html/send_log?folder_id=&thread_id={id}` endpoint. The stack trace reveals the values of parameters, including the username and password, passed to the `Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate()` function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications. This could lead to targeted attacks on both the application users and the organization itself, compromising the security of email exchange servers. This issue has been addressed in version 1.8.124. Users are advised to upgrade. Users unable to upgrade should adopt the following measures: 1. Avoid storing complete stack traces, 2. Implement redaction mechanisms to filter and exclude sensitive information, and 3. Review and enhance the application's logging practices. | ||||
CVE-2023-34223 | 1 Jetbrains | 1 Teamcity | 2025-01-09 | 4.3 Medium |
In JetBrains TeamCity before 2023.05, parameters of the "password" type from build dependencies could be logged in some cases. | ||||
CVE-2024-25959 | 1 Dell | 1 Powerscale Onefs | 2025-01-09 | 7.9 High |
Dell PowerScale OneFS versions 9.4.0.x through 9.7.0.x contain an insertion of sensitive information into log file vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure and escalation of privileges. | ||||
CVE-2024-40679 | 1 Ibm | 1 Db2 | 2025-01-08 | 5.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | ||||
CVE-2023-34097 | 1 Hoppscotch | 1 Hoppscotch | 2025-01-08 | 7.8 High |
hoppscotch is an open source API development ecosystem. In versions prior to 2023.4.5 the database password is exposed in the logs when showing the database connection string. Attackers with access to read system logs will be able to elevate privilege with full access to the database. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-39532 | | | 2025-01-07 | 6.3 Medium |
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plain text in a specific log file, so that a high-privileged attacker has access to this information. This issue affects: Junos OS: * All versions before 21.2R3-S9; * 21.4 versions before 21.4R3-S9; * 22.2 versions before 22.2R2-S1, 22.2R3; * 22.3 versions before 22.3R1-S1, 22.3R2; Junos OS Evolved: * All versions before 22.1R3-EVO; * 22.2-EVO versions before 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions before 22.3R1-S1-EVO, 22.3R2-EVO. | ||||
CVE-2024-49816 | 1 Ibm | 1 Security Guardium Key Lifecycle Manager | 2025-01-07 | 4.9 Medium |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
CVE-2024-45739 | 1 Splunk | 1 Splunk | 2025-01-07 | 4.9 Medium |
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. | ||||
CVE-2023-46231 | 1 Splunk | 1 Add-on Builder | 2025-01-07 | 8.8 High |
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. |