Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3528 | 1 Redhat | 2 Noobaa-operator, Openshift Container Storage | 2024-08-03 | 8.8 High |
| A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration. | ||||
| CVE-2021-3429 | 2 Canonical, Redhat | 3 Cloud-init, Enterprise Linux, Rhel Eus | 2024-08-03 | 5.5 Medium |
| When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. | ||||
| CVE-2021-3447 | 2 Fedoraproject, Redhat | 7 Fedora, Ansible, Ansible Automation Platform and 4 more | 2024-08-03 | 5.5 Medium |
| A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. | ||||
| CVE-2021-3425 | 1 Redhat | 2 Amq Broker, Jboss A-mq | 2024-08-03 | 4.4 Medium |
| A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable. | ||||
| CVE-2021-3167 | 1 Cloudera | 1 Data Engineering | 2024-08-03 | 6.5 Medium |
| In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs. | ||||
| CVE-2021-0991 | 1 Google | 1 Android | 2024-08-03 | 2.4 Low |
| In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-181588752 | ||||
| CVE-2021-0997 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
| In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191086488 | ||||
| CVE-2021-0549 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
| In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896 | ||||
| CVE-2021-0148 | 1 Intel | 36 Ssd D-s4510, Ssd D-s4510 Firmware, Ssd D5-p4320 and 33 more | 2024-08-03 | 4.4 Medium |
| Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-48435 | 1 Jetbrains | 1 Phpstorm | 2024-08-03 | 3.3 Low |
| In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file | ||||
| CVE-2022-48319 | 1 Checkmk | 1 Checkmk | 2024-08-03 | 6.5 Medium |
| Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file. | ||||
| CVE-2022-48228 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2024-08-03 | 5.5 Medium |
| An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. | ||||
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2024-08-03 | 6.1 Medium |
| Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2024-08-03 | 5.5 Medium |
| Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2024-08-03 | 6.5 Medium |
| In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | ||||
| CVE-2022-44587 | 1 Melapress | 1 Wp 2fa | 2024-08-03 | 5.3 Medium |
| Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3. | ||||
| CVE-2022-43954 | 1 Fortinet | 1 Fortiportal | 2024-08-03 | 4.1 Medium |
| An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | ||||
| CVE-2022-43923 | 1 Ibm | 1 Maximo Application Suite | 2024-08-03 | 6.2 Medium |
| IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584. | ||||
| CVE-2022-43870 | 1 Ibm | 1 Spectrum Virtualize | 2024-08-03 | 6.5 Medium |
| IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540. | ||||
| CVE-2022-43930 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-08-03 | 6.2 Medium |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. | ||||