Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17396 | 1 Powerschool | 1 Powerschool Mobile | 2024-08-05 | 9.8 Critical |
| In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17394 | 1 Seesaw | 1 Parent And Family | 2024-08-05 | 9.8 Critical |
| In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17355 | 1 Orbitz | 1 Orbitz | 2024-08-05 | 9.8 Critical |
| In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-17397 | 1 Doordash | 1 Doordash | 2024-08-05 | 9.8 Critical |
| In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat. | ||||
| CVE-2019-16528 | 1 Mediawiki | 1 Abusefilter | 2024-08-05 | 7.5 High |
| An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33. | ||||
| CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2024-08-05 | 6.5 Medium |
| An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | ||||
| CVE-2019-16206 | 1 Broadcom | 1 Brocade Sannav | 2024-08-05 | 5.5 Medium |
| The authentication mechanism, in Brocade SANnav versions before v2.0, logs plaintext account credentials at the ‘trace’ and the 'debug' logging level; which could allow a local authenticated attacker to access sensitive information. | ||||
| CVE-2019-16203 | 1 Broadcom | 1 Fabric Operating System | 2024-08-05 | 7.5 High |
| Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client. | ||||
| CVE-2019-16210 | 1 Broadcom | 1 Brocade Sannav | 2024-08-05 | 5.5 Medium |
| Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save. | ||||
| CVE-2019-16204 | 1 Broadcom | 1 Fabric Operating System | 2024-08-05 | 7.5 High |
| Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. | ||||
| CVE-2019-16116 | 1 Enterprisedt | 1 Completeftp Server | 2024-08-05 | 4.3 Medium |
| EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash. | ||||
| CVE-2019-15508 | 1 Octopus | 2 Server, Tentacle | 2024-08-05 | N/A |
| In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy is configured, an authenticated user (in certain limited OctopusPrintVariables circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 5.0.1. The fix was back-ported to 4.0.7. | ||||
| CVE-2019-15507 | 1 Octopus | 1 Server | 2024-08-05 | N/A |
| In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request proxy is configured, an authenticated user (in certain limited special-characters circumstances) could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.7. The fix was back-ported to LTS 2019.6.7 as well as LTS 2019.3.8. | ||||
| CVE-2019-15235 | 1 Control-webpanel | 1 Webpanel | 2024-08-05 | 6.5 Medium |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. This is different from CVE-2019-14782. | ||||
| CVE-2019-15294 | 1 Gallagher | 1 Command Centre | 2024-08-05 | N/A |
| An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file. | ||||
| CVE-2019-14885 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Single Sign On, Single Sign-on | 2024-08-05 | 4.3 Medium |
| A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information. | ||||
| CVE-2019-14846 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-08-05 | 7.8 High |
| In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | ||||
| CVE-2019-14854 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-08-05 | 6.5 Medium |
| OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user. | ||||
| CVE-2019-14864 | 3 Debian, Opensuse, Redhat | 9 Debian Linux, Backports Sle, Leap and 6 more | 2024-08-05 | 6.5 Medium |
| Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. | ||||
| CVE-2019-14858 | 1 Redhat | 3 Ansible Engine, Ansible Tower, Openstack | 2024-08-05 | 5.5 Medium |
| A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task. | ||||