Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3776 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-05 | 5.3 Medium |
| Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | ||||
| CVE-2018-3609 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-08-05 | N/A |
| A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | ||||
| CVE-2018-2440 | 1 Sap | 1 Dynamic Authorization Management | 2024-08-05 | N/A |
| Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. | ||||
| CVE-2018-2372 | 1 Sap | 1 Hana Extended Application Services | 2024-08-05 | N/A |
| A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication. | ||||
| CVE-2018-1350 | 1 Netiq | 1 Identity Manager | 2024-08-05 | N/A |
| The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration. | ||||
| CVE-2018-1349 | 1 Netiq | 1 Identity Manager | 2024-08-05 | N/A |
| The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration. | ||||
| CVE-2018-1075 | 2 Ovirt, Redhat | 2 Ovirt, Rhev Manager | 2024-08-05 | N/A |
| ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. | ||||
| CVE-2018-1072 | 2 Ovirt, Redhat | 3 Ovirt, Enterprise Virtualization Manager, Rhev Manager | 2024-08-05 | N/A |
| ovirt-engine before version ovirt 4.2.2 is vulnerable to an information exposure through log files. When engine-backup was run with one of the options "--provision*db", the database username and password were logged in cleartext. Sharing the provisioning log might inadvertently leak database passwords. | ||||
| CVE-2018-1117 | 2 Ovirt, Redhat | 3 Ovirt-ansible-roles, Enterprise Virtualization, Rhev Manager | 2024-08-05 | N/A |
| ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. | ||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-08-05 | N/A |
| A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. | ||||
| CVE-2018-0042 | 1 Juniper | 1 Contrail Service Orchestration | 2024-08-05 | N/A |
| Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. | ||||
| CVE-2019-20852 | 1 Mattermost | 1 Mattermost Mobile | 2024-08-05 | 7.5 High |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). | ||||
| CVE-2019-20625 | 1 Google | 1 Android | 2024-08-05 | 3.3 Low |
| An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019). | ||||
| CVE-2019-19039 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-08-05 | 5.5 Medium |
| __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case. | ||||
| CVE-2019-19150 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-08-05 | 4.9 Medium |
| On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. | ||||
| CVE-2019-18385 | 1 Terra-master | 2 Fs-210, Fs-210 Firmware | 2024-08-05 | 7.5 High |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring. | ||||
| CVE-2019-18244 | 1 Osisoft | 1 Pi Vision | 2024-08-05 | 4.7 Medium |
| In OSIsoft PI System multiple products and versions, a local attacker could view sensitive information in log files when service accounts are customized during installation or upgrade of PI Vision. The update fixes a previously reported issue. | ||||
| CVE-2019-18193 | 1 Unisys | 1 Stealth | 2024-08-05 | 7.5 High |
| In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. | ||||
| CVE-2019-17398 | 1 Darkhorse | 1 Dark Horse Comics | 2024-08-05 | 9.8 Critical |
| In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17395 | 1 Rapidgator | 1 Rapidgator | 2024-08-05 | 9.8 Critical |
| In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||