Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8912 | 1 Ibm | 1 Kenexa Lms On Cloud | 2024-08-06 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. | ||||
| CVE-2016-8346 | 1 Moxa | 3 Edr-810, Edr-810-vpn, Edr-810 Firmware | 2024-08-06 | N/A |
| An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION). | ||||
| CVE-2016-8233 | 1 Lenovo | 1 Xclarity Administrator | 2024-08-06 | N/A |
| Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. | ||||
| CVE-2016-6799 | 1 Apache | 1 Cordova | 2024-08-06 | N/A |
| Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. | ||||
| CVE-2016-6310 | 1 Redhat | 1 Enterprise Virtualization | 2024-08-06 | N/A |
| oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | ||||
| CVE-2016-5967 | 1 Ibm | 1 Rational Asset Analyzer | 2024-08-06 | N/A |
| The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. | ||||
| CVE-2016-5432 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Rhev Manager | 2024-08-06 | N/A |
| The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. | ||||
| CVE-2016-4996 | 1 Redhat | 3 Enterprise Linux Server, Satellite, Satellite Capsule | 2024-08-06 | N/A |
| discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | ||||
| CVE-2016-4443 | 1 Redhat | 2 Enterprise Virtualization, Rhev Manager | 2024-08-06 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | ||||
| CVE-2016-2943 | 1 Ibm | 1 Bigfix Remote Control | 2024-08-05 | N/A |
| IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file. | ||||
| CVE-2016-2928 | 1 Ibm | 1 Bigfix Remote Control | 2024-08-05 | N/A |
| IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs. | ||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-08-05 | 10.0 Critical |
| MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM. | ||||
| CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-08-05 | 7.5 High |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | ||||
| CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2024-08-05 | 7.5 High |
| Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | ||||
| CVE-2016-0448 | 3 Canonical, Oracle, Redhat | 7 Ubuntu Linux, Jdk, Jre and 4 more | 2024-08-05 | N/A |
| Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. | ||||
| CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2024-08-05 | N/A |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | ||||
| CVE-2017-1000401 | 1 Jenkins | 1 Jenkins | 2024-08-05 | N/A |
| The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, <f:password/>, supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for <f:password/> is now always sent via POST, which is typically not logged. | ||||
| CVE-2017-1000171 | 1 Mahara | 1 Mahara Mobile | 2024-08-05 | N/A |
| Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. | ||||
| CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | ||||
| CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | ||||