Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0266 | 1 Sap | 1 Hana Extended Application Services | 2024-08-04 | N/A |
| Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized access, the risk of leaking information is increased. | ||||
| CVE-2019-0202 | 1 Apache | 1 Storm | 2024-08-04 | N/A |
| The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints. | ||||
| CVE-2020-35234 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-08-04 | 7.5 High |
| The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there. | ||||
| CVE-2020-26605 | 1 Google | 1 Android | 2024-08-04 | 7.5 High |
| An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020). | ||||
| CVE-2020-26416 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4 Medium |
| Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. | ||||
| CVE-2020-25987 | 1 Monocms | 1 Monocms | 2024-08-04 | 7.5 High |
| MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash. | ||||
| CVE-2020-25640 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Fuse, Openshift Application Runtimes and 2 more | 2024-08-04 | 5.3 Medium |
| A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | ||||
| CVE-2020-25046 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020). | ||||
| CVE-2020-24804 | 1 Cms-dev | 1 Cms | 2024-08-04 | 6.5 Medium |
| Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs. | ||||
| CVE-2020-24566 | 1 Octopus | 1 Octopus Deploy | 2024-08-04 | 7.5 High |
| In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output. | ||||
| CVE-2020-24038 | 1 Eram | 6 Myfax150, Myfax150 Firmware, Myfax250 and 3 more | 2024-08-04 | 6.5 Medium |
| myFax version 229 logs sensitive information in the export log module which allows any user to access critical information. | ||||
| CVE-2020-23284 | 1 Mv | 1 Idce | 2024-08-04 | 7.5 High |
| Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application. | ||||
| CVE-2020-21933 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-08-04 | 7.5 High |
| An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. | ||||
| CVE-2020-15829 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 5.3 Medium |
| In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | ||||
| CVE-2020-15581 | 1 Google | 1 Android | 2024-08-04 | 5.3 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020). | ||||
| CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2024-08-04 | 6.5 Medium |
| Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files. | ||||
| CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2024-08-04 | 7.5 High |
| Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | ||||
| CVE-2020-15095 | 4 Fedoraproject, Npmjs, Opensuse and 1 more | 6 Fedora, Npm, Leap and 3 more | 2024-08-04 | 4.4 Medium |
| Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files. | ||||
| CVE-2020-14518 | 1 Philips | 1 Dreammapper | 2024-08-04 | 5.3 Medium |
| Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. | ||||
| CVE-2020-14470 | 1 Octopus | 1 Octopus Deploy | 2024-08-04 | 6.5 Medium |
| In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. | ||||