Total
800 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-4143 | 1 Ibm | 1 Cloud Private | 2024-09-17 | N/A |
The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348. | ||||
CVE-2018-1000018 | 1 Ovirt | 1 Ovirt-hosted-engine-setup | 2024-09-17 | N/A |
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | ||||
CVE-2019-6157 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-09-17 | N/A |
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | ||||
CVE-2020-8565 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift Container Storage, Openshift Data Foundation | 2024-09-17 | 4.7 Medium |
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. | ||||
CVE-2021-21546 | 1 Dell | 1 Emc Networker | 2024-09-16 | 7.8 High |
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files. | ||||
CVE-2020-3447 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2024-09-16 | 5.5 Medium |
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could exploit this vulnerability by accessing specific log files on an affected device. A successful exploit could allow the attacker to obtain sensitive log data, which may include user credentials. To exploit this vulnerability, the attacker would need to have valid credentials at the operator level or higher on the affected device. | ||||
CVE-2019-4299 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-09-16 | 5.5 Medium |
IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. | ||||
CVE-2021-3037 | 1 Paloaltonetworks | 1 Pan-os | 2024-09-16 | 2.3 Low |
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server. | ||||
CVE-2018-11320 | 1 Octopus | 1 Octopus Server | 2024-09-16 | N/A |
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. | ||||
CVE-2018-20105 | 3 Opensuse, Suse, Yast2-rmt Project | 3 Leap, Suse Linux Enterprise Server, Yast2-rmt | 2024-09-16 | 4 Medium |
A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2. | ||||
CVE-2018-7682 | 1 Microfocus | 1 Solutions Business Manager | 2024-09-16 | N/A |
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | ||||
CVE-2017-1480 | 1 Ibm | 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web | 2024-09-16 | N/A |
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617. | ||||
CVE-2017-9271 | 2 Fedoraproject, Opensuse | 2 Fedora, Zypper | 2024-09-16 | 3.3 Low |
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used. | ||||
CVE-2022-20768 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-09-16 | 4.9 Medium |
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials. | ||||
CVE-2020-3281 | 1 Cisco | 1 Digital Network Architecture Center | 2024-09-16 | 8.8 High |
A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. | ||||
CVE-2019-0032 | 1 Juniper | 2 Service Insight, Service Now | 2024-09-16 | 7.8 High |
A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these stored plaintext credentials can use them to login to the Organization. Affected products are: Juniper Networks Service Insight versions from 15.1R1, prior to 18.1R1. Service Now versions from 15.1R1, prior to 18.1R1. | ||||
CVE-2021-21597 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-09-16 | 7.2 High |
Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files. | ||||
CVE-2020-11932 | 1 Canonical | 1 Subiquity | 2024-09-16 | 2.3 Low |
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. | ||||
CVE-2017-9278 | 1 Netiq | 1 Identity Manager | 2024-09-16 | N/A |
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. | ||||
CVE-2020-4671 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-16 | 6.5 Medium |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. |