Filtered by CWE-532
Total 800 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-1264 1 Pivotal Software 1 Cloud Foundry Log Cache 2024-09-16 N/A
Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation.
CVE-2019-11292 1 Pivotal Software 1 Operations Manager 2024-09-16 6.5 Medium
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well.
CVE-2021-38939 2 Ibm, Linux 2 Qradar Security Information And Event Manager, Linux Kernel 2024-09-16 5.3 Medium
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037.
CVE-2018-15763 1 Pivotal Software 1 Pivotal Container Service 2024-09-16 N/A
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.
CVE-2019-3715 1 Rsa 1 Archer Grc Platform 2024-09-16 N/A
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks.
CVE-2019-4225 1 Ibm 1 Pureapplication System 2024-09-16 4.4 Medium
IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
CVE-2018-15797 1 Pivotal Software 1 Cloud Foundry Nfs Volume 2024-09-16 N/A
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.
CVE-2017-6139 1 F5 1 Big-ip Access Policy Manager 2024-09-16 N/A
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.
CVE-2018-1999036 1 Jenkins 1 Ssh Agent 2024-09-16 N/A
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log.
CVE-2022-20806 1 Cisco 1 Telepresence Video Communication Server 2024-09-16 4.3 Medium
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2017-1733 1 Ibm 1 Qradar Security Information And Event Manager 2024-09-16 N/A
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.
CVE-2020-2044 1 Paloaltonetworks 1 Pan-os 2024-09-16 3.3 Low
An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3.
CVE-2021-20536 2 Ibm, Microsoft 2 Spectrum Protect Plus, Windows 2024-09-16 6.2 Medium
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.
CVE-2019-8944 1 Octopus 2 Octopus Deploy, Octopus Server 2024-09-16 N/A
An Information Exposure issue in the Terraform deployment step in Octopus Deploy before 2019.1.8 (and before 2018.10.4 LTS) allows remote authenticated users to view sensitive Terraform output variables via log files.
CVE-2022-34369 1 Dell 1 Emc Powerscale Onefs 2024-09-16 8.1 High
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.
CVE-2019-11273 1 Pivotal Software 1 Pivotal Container Service 2024-09-16 4.3 Medium
Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and versions 1.4.x prior to 1.4.1, contains a vulnerable component which logs the username and password to the billing database. A remote authenticated user with access to those logs may be able to retrieve non-sensitive information.
CVE-2018-1768 1 Ibm 1 Spectrum Protect Plus 2024-09-16 N/A
IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation; the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.
CVE-2019-18576 1 Dell 1 Xtremio Management Server 2024-09-16 6.7 Medium
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user.
CVE-2019-11293 1 Cloudfoundry 2 Cf-deployment, User Account And Authentication 2024-09-16 6.5 Medium
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
CVE-2001-1556 1 Apache 1 Http Server 2024-09-16 3.3 Low
The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.