Total
800 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-41543 | 1 Siemens | 2 Climatix Pol909, Climatix Pol909 Firmware | 2024-08-04 | 6.5 Medium |
A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. | ||||
CVE-2021-40364 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-08-04 | 5.5 Medium |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system. | ||||
CVE-2021-39913 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.4 Medium |
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges | ||||
CVE-2021-39900 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 2 Low |
Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | ||||
CVE-2021-39739 | 1 Google | 1 Android | 2024-08-04 | 3.3 Low |
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194 | ||||
CVE-2021-39715 | 1 Google | 1 Android | 2024-08-04 | 4.4 Medium |
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel | ||||
CVE-2021-39246 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-08-04 | 6.1 Medium |
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network). | ||||
CVE-2021-39291 | 1 Netmodule | 16 Nb1600, Nb1601, Nb1800 and 13 more | 2024-08-04 | 8.8 High |
Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | ||||
CVE-2021-39011 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2024-08-04 | 4.2 Medium |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645. | ||||
CVE-2021-37861 | 1 Mattermost | 1 Mattermost | 2024-08-04 | 5.8 Medium |
Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | ||||
CVE-2021-37760 | 1 Graylog | 1 Graylog | 2024-08-04 | 9.8 Critical |
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). | ||||
CVE-2021-37759 | 1 Graylog | 1 Graylog | 2024-08-04 | 9.8 Critical |
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). | ||||
CVE-2021-37709 | 1 Shopware | 1 Shopware | 2024-08-04 | 6.5 Medium |
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||
CVE-2021-37036 | 1 Huawei | 3 Ecns280 Td, Ecns280 Td Firmware, Fusioncompute | 2024-08-04 | 5.5 Medium |
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. | ||||
CVE-2021-36544 | 1 Tpcms Project | 1 Tpcms | 2024-08-04 | 7.5 High |
Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | ||||
CVE-2021-35299 | 1 Zammad | 1 Zammad | 2024-08-04 | 7.5 High |
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. | ||||
CVE-2021-34797 | 1 Apache | 1 Geode | 2024-08-04 | 7.5 High |
Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0. | ||||
CVE-2021-34689 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2024-08-04 | 5.5 Medium |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files. | ||||
CVE-2021-34532 | 2 Microsoft, Redhat | 4 Asp.net Core, Visual Studio 2019, Enterprise Linux and 1 more | 2024-08-04 | 5.5 Medium |
ASP.NET Core and Visual Studio Information Disclosure Vulnerability | ||||
CVE-2021-32801 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-03 | 5.5 Medium |
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. |