Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22447 | 1 Intel | 1 Open Cache Acceleration Software | 2024-08-02 | 2 Low |
| Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-21492 | 1 Samsung | 1 Android | 2024-08-02 | 4.4 Medium |
| Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | ||||
| CVE-2023-21435 | 1 Samsung | 1 Android | 2024-08-02 | 4.4 Medium |
| Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. | ||||
| CVE-2023-20891 | 1 Vmware | 2 Isolation Segment, Tanzu Application Service For Virtual Machines | 2024-08-02 | 6.5 Medium |
| The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | ||||
| CVE-2023-20885 | 1 Pivotal | 3 Cloud Foundry Nfs Volume, Cloud Foundry Notifications, Cloud Foundry Smb Volume | 2024-08-02 | 6.5 Medium |
| Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19. | ||||
| CVE-2023-20859 | 1 Vmware | 3 Spring Cloud Config, Spring Cloud Vault, Spring Vault | 2024-08-02 | 5.5 Medium |
| In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | ||||
| CVE-2023-20207 | 1 Duo | 1 Authentication Proxy | 2024-08-02 | 4.9 Medium |
| A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text. | ||||
| CVE-2023-6833 | 1 Hitachi | 1 Ops Center Administrator | 2024-08-02 | 4.4 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1. | ||||
| CVE-2023-6814 | 2024-08-02 | 5.6 Medium | ||
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9. | ||||
| CVE-2023-6746 | 1 Github | 1 Enterprise Server | 2024-08-02 | 8.1 High |
| An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack` when combined with other phishing techniques. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | ||||
| CVE-2023-6687 | 1 Elastic | 1 Elastic Agent | 2024-08-02 | 6.8 Medium |
| An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. | ||||
| CVE-2023-6460 | 1 Google | 1 Cloud Firestore | 2024-08-02 | 4 Medium |
| A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue | ||||
| CVE-2023-6064 | 1 Payhere | 1 Payhere Payment Gateway | 2024-08-02 | 7.5 High |
| The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur. | ||||
| CVE-2023-5499 | 1 Reachfargps | 2 Reachfar Gps, Reachfar Gps Firmware | 2024-08-02 | 7.5 High |
| Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations. | ||||
| CVE-2023-5028 | 1 Chinaunicom | 2 Tewa-800g, Tewa-800g Firmware | 2024-08-02 | 2 Low |
| A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-4688 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2024-08-02 | 5.5 Medium |
| Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. | ||||
| CVE-2023-4677 | 1 Artica | 1 Pandora Fms | 2024-08-02 | 7 High |
| Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772. | ||||
| CVE-2023-4108 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 4.5 Medium |
| Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged | ||||
| CVE-2023-3350 | 1 Ayesa | 1 Ibermatica Rps | 2024-08-02 | 8.2 High |
| A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plaint text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text. | ||||
| CVE-2023-3335 | 2 Hitachi, Linux | 2 Ops Center Administrator, Linux Kernel | 2024-08-02 | 6.5 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | ||||