Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43043 | 2024-08-05 | 5.1 Medium | ||
| IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. | ||||
| CVE-2017-3744 | 2 Ibm, Lenovo | 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more | 2024-08-05 | N/A |
| In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands. | ||||
| CVE-2017-2621 | 2 Openstack, Redhat | 2 Heat, Openstack | 2024-08-05 | 5.5 Medium |
| An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. | ||||
| CVE-2017-2592 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Oslo.middleware, Openstack | 2024-08-05 | N/A |
| python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens). | ||||
| CVE-2017-0380 | 1 Torproject | 1 Tor | 2024-08-05 | N/A |
| The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | ||||
| CVE-2018-1000089 | 1 Django-anymail Project | 1 Django-anymail | 2024-08-05 | N/A |
| Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4. | ||||
| CVE-2018-1000060 | 2 Redhat, Sensu | 2 Openstack-optools, Sensu Core | 2024-08-05 | N/A |
| Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b. | ||||
| CVE-2018-20956 | 1 Swann | 2 Swwhd-intcam-hd, Swwhd-intcam-hd Firmware | 2024-08-05 | N/A |
| Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset. NOTE: all affected customers were migrated by 2020-08-31. | ||||
| CVE-2018-19863 | 1 Agilebits | 1 1password | 2024-08-05 | N/A |
| An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually entered into Safari. | ||||
| CVE-2018-19865 | 2 Opensuse, Qt | 2 Leap, Qt | 2024-08-05 | N/A |
| A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | ||||
| CVE-2018-19786 | 1 Hashicorp | 1 Vault | 2024-08-05 | 7.3 High |
| HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | ||||
| CVE-2018-19513 | 1 Ens | 1 Webgalamb | 2024-08-05 | N/A |
| In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors. | ||||
| CVE-2018-19583 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 6.5 Medium |
| GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token. | ||||
| CVE-2018-18466 | 1 Securenvoy | 1 Securaccess | 2024-08-05 | N/A |
| An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues | ||||
| CVE-2018-17922 | 1 Circontrol | 2 Circarlife, Circarlife Firmware | 2024-08-05 | N/A |
| Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | ||||
| CVE-2018-17447 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-05 | N/A |
| An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | ||||
| CVE-2018-16889 | 1 Redhat | 2 Ceph, Ceph Storage | 2024-08-05 | N/A |
| Ceph does not properly sanitize encryption keys in debug logging for v4 auth. This results in the leaking of encryption key information in log files via plaintext. Versions up to v13.2.4 are vulnerable. | ||||
| CVE-2018-16859 | 1 Redhat | 1 Ansible Engine | 2024-08-05 | N/A |
| Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable. | ||||
| CVE-2018-16856 | 2 Openstack, Redhat | 2 Octavia, Openstack | 2024-08-05 | N/A |
| In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. | ||||
| CVE-2018-16095 | 1 Lenovo | 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more | 2024-08-05 | N/A |
| In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails. | ||||