Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27549 | 1 Hcltechsw | 1 Hcl Launch | 2024-09-16 | 4 Medium |
| HCL Launch may store certain data for recurring activities in a plain text format. | ||||
| CVE-2016-10526 | 1 Grunt-gh-pages Project | 1 Grunt-gh-pages | 2024-09-16 | N/A |
| A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised. | ||||
| CVE-2019-1961 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-09-16 | 4.9 Medium |
| A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to the improper input validation of tar packages uploaded through the Web Portal to the Image Repository. An attacker could exploit this vulnerability by uploading a crafted tar package and viewing the log entries that are generated. A successful exploit could allow the attacker to read arbitrary files on the underlying OS. | ||||
| CVE-2023-40682 | 1 Ibm | 1 App Connect Enterprise | 2024-09-16 | 4.4 Medium |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. | ||||
| CVE-2022-20651 | 1 Cisco | 1 Adaptive Security Device Manager | 2024-09-16 | 5.5 Medium |
| A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device. | ||||
| CVE-2018-19014 | 1 Draeger | 8 Delta Xl, Delta Xl Firmware, Infinity Delta and 5 more | 2024-09-16 | N/A |
| Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. | ||||
| CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2024-09-16 | 4.1 Medium |
| Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | ||||
| CVE-2018-1000123 | 1 Ionicframework | 1 Ios Keychain | 2024-09-16 | N/A |
| Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf. | ||||
| CVE-2020-26199 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-09-16 | 6.4 Medium |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user. | ||||
| CVE-2020-8566 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-09-16 | 4.7 Medium |
| In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. | ||||
| CVE-2022-20807 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-09-16 | 4.3 Medium |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-3541 | 1 Cisco | 2 Webex Meetings, Webex Teams | 2024-09-16 | 4.4 Medium |
| A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. | ||||
| CVE-2020-4900 | 1 Ibm | 1 Business Automation Workflow | 2024-09-16 | 5.5 Medium |
| IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. | ||||
| CVE-2020-1622 | 1 Juniper | 1 Junos Os Evolved | 2024-09-16 | 5.5 Medium |
| A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1. | ||||
| CVE-2021-34800 | 1 Acronis | 1 Agent | 2024-09-16 | 7.5 High |
| Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147 | ||||
| CVE-2018-1223 | 1 Pivotal | 1 Cloud Foundry Container Runtime | 2024-09-16 | 8.8 High |
| Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges. | ||||
| CVE-2021-21561 | 1 Dell | 1 Emc Powerscale Onefs | 2024-09-16 | 7.8 High |
| Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | ||||
| CVE-2022-0021 | 2 Microsoft, Paloaltonetworks | 2 Windows, Globalprotect | 2024-09-16 | 3.3 Low |
| An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. | ||||
| CVE-2020-1987 | 1 Paloaltonetworks | 1 Globalprotect | 2024-09-16 | 3.9 Low |
| An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1. | ||||
| CVE-2018-1264 | 1 Pivotal Software | 1 Cloud Foundry Log Cache | 2024-09-16 | N/A |
| Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation. | ||||