Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3349 | 1 Ayesa | 1 Ibermatica Rps | 2024-09-19 | 8.2 High |
| Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded. | ||||
| CVE-2023-5182 | 1 Canonical | 1 Subiquity | 2024-09-19 | 5.5 Medium |
| Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. | ||||
| CVE-2021-22533 | 2 Microfocus, Opentext | 2 Edirectory, Edirectory | 2024-09-19 | 6.5 Medium |
| Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | ||||
| CVE-2024-20440 | 1 Cisco | 2 Cisco Smart License Utility, Smart License Utility | 2024-09-19 | 7.5 High |
| A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. | ||||
| CVE-2023-39447 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-09-18 | 4.4 Medium |
| When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-41253 | 1 F5 | 2 Big-ip Domain Name System, Big-ip Local Traffic Manager | 2024-09-18 | 5.5 Medium |
| When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-43485 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2024-09-18 | 5.5 Medium |
| When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-25604 | 1 Fortinet | 1 Fortiguest | 2024-09-18 | 5.5 Medium |
| An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | ||||
| CVE-2024-4472 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 4 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs. | ||||
| CVE-2023-41263 | 1 Plixer | 1 Scrutinizer | 2024-09-18 | 3.7 Low |
| An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information. | ||||
| CVE-2024-6060 | 1 Phloc | 1 Webscopes | 2024-09-18 | N/A |
| An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. | ||||
| CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2024-09-18 | 4.2 Medium |
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | ||||
| CVE-2024-8775 | 1 Redhat | 2 Ansible Automation Platform, Enterprise Linux Ai | 2024-09-18 | 5.5 Medium |
| A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. | ||||
| CVE-2023-31422 | 1 Elastic | 1 Kibana | 2024-09-17 | 9 Critical |
| An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users. | ||||
| CVE-2021-3036 | 1 Paloaltonetworks | 1 Pan-os | 2024-09-17 | 4.4 Medium |
| An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request. | ||||
| CVE-2020-1620 | 1 Juniper | 1 Junos Os Evolved | 2024-09-17 | 5.5 Medium |
| A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1. | ||||
| CVE-2021-21598 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-09-17 | 3.9 Low |
| Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files. | ||||
| CVE-2020-11646 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-09-17 | 4.3 Medium |
| A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users. | ||||
| CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2024-09-17 | N/A |
| All versions of unity-scope-gdrive logs search terms to syslog. | ||||
| CVE-2022-27896 | 1 Palantir | 1 Foundry Code-workbooks | 2024-09-17 | 4.2 Medium |
| Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. | ||||