Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10165 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-08-04 | 2.3 Low |
| OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources. | ||||
| CVE-2019-10084 | 1 Apache | 1 Impala | 2024-08-04 | 7.5 High |
| In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. | ||||
| CVE-2019-9976 | 1 Dasannetworks | 2 H660rm, H660rm Firmware | 2024-08-04 | N/A |
| The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. | ||||
| CVE-2019-9929 | 1 Northern | 1 Cfengine | 2024-08-04 | N/A |
| Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. | ||||
| CVE-2019-9734 | 1 Aquaverde | 1 Aquarius Cms | 2024-08-04 | N/A |
| Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances. | ||||
| CVE-2019-9724 | 1 Aquaverde | 1 Aquarius Cms | 2024-08-04 | N/A |
| aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component. | ||||
| CVE-2019-9277 | 1 Google | 1 Android | 2024-08-04 | 3.3 Low |
| In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-68016944 | ||||
| CVE-2019-7612 | 2 Elastic, Netapp | 2 Logstash, Active Iq Performance Analytics Services | 2024-08-04 | 9.8 Critical |
| A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message. | ||||
| CVE-2019-6656 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-08-04 | 7.5 High |
| BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix. | ||||
| CVE-2019-6662 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-08-04 | 6.5 Medium |
| On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the local log files and/or remote logging targets when restjavad processes an invalid request. Users with access to the log files would be able to view that data. | ||||
| CVE-2019-6648 | 2 F5, Redhat | 2 Container Ingress Service, Openshift | 2024-08-04 | 4.4 Medium |
| On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. | ||||
| CVE-2019-5532 | 1 Vmware | 1 Vcenter Server | 2024-08-04 | 7.7 High |
| VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | ||||
| CVE-2019-3891 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-08-04 | 7.8 High |
| It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates. | ||||
| CVE-2019-3888 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 7 more | 2024-08-04 | 9.8 Critical |
| A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) | ||||
| CVE-2019-3830 | 2 Openstack, Redhat | 2 Ceilometer, Openstack | 2024-08-04 | 7.8 High |
| A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | ||||
| CVE-2019-3649 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-04 | 5.3 Medium |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | ||||
| CVE-2019-3500 | 4 Aria2 Project, Canonical, Debian and 1 more | 4 Aria2, Ubuntu Linux, Debian Linux and 1 more | 2024-08-04 | 7.8 High |
| aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | ||||
| CVE-2019-3429 | 1 Zte | 1 Zxcloud Goldendata Vap | 2024-08-04 | 5.3 Medium |
| All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information. | ||||
| CVE-2019-0741 | 1 Microsoft | 1 Java Software Development Kit | 2024-08-04 | N/A |
| An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. | ||||
| CVE-2019-0380 | 1 Sap | 1 Landscape Management | 2024-08-04 | 4.9 Medium |
| Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. | ||||