Total
1064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0815 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | N/A | 6.8 MEDIUM |
|
Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to debug. Users
should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and
Horizon installation instructions state that they are intended for installation
within an organization's private networks and should not be directly accessible
from the Internet.
|
|||||
| CVE-2023-0436 | 1 Mongodb | 1 Atlas Kubernetes Operator | 2024-11-21 | N/A | 4.5 MEDIUM |
|
The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0.
Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version.
Required Configuration:
DEBUG logging is not enabled by default, and must be configure ...
Show More |
|||||
| CVE-2022-4311 | 1 Arcinformatique | 1 Pcvue | 2024-11-21 | N/A | 4.7 MEDIUM |
|
An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This
could allow a user with access to the log files to discover connection strings of data sources configured for the
DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users
unauthorized access to the underlying data sources.
|
|||||
| CVE-2022-48435 | 1 Jetbrains | 1 Phpstorm | 2024-11-21 | N/A | 3.3 LOW |
|
In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file
|
|||||
| CVE-2022-48319 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Sensitive host secret disclosed in cmk-update-agent.log file in Tribe29's Checkmk <= 2.1.0p13, Checkmk <= 2.0.0p29, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to gain access to the host secret through the unprotected agent updater log file.
|
|||||
| CVE-2022-46647 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | N/A | 2.2 LOW |
|
Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2022-45098 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure.
|
|||||
| CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
|
|||||
| CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.5 MEDIUM |
|
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
|
|||||
| CVE-2022-44587 | 1 Melapress | 1 Wp 2fa | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
|
|||||
| CVE-2022-43954 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.
|
|||||
| CVE-2022-43930 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.
|
|||||
| CVE-2022-43923 | 1 Ibm | 1 Maximo Application Suite | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensitive information that could be read by a local user. IBM X-Force ID: 241584.
|
|||||
| CVE-2022-43887 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | N/A | 5.3 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to sensitive information exposure by passing API keys to log files. If these keys contain sensitive information, it could lead to further attacks. IBM X-Force ID: 240450.
|
|||||
| CVE-2022-43870 | 1 Ibm | 1 Spectrum Virtualize | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server credentials to an authenticated user in log files. IBM X-Force ID: 239540.
|
|||||
| CVE-2022-43772 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 3.8 LOW |
|
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
|
|||||
| CVE-2022-42439 | 4 Ibm, Linux, Microsoft and 1 more | 6 Aix, App Connect Enterprise, App Connect Enterprise Certified Container and 3 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
|
|||||
| CVE-2022-41618 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-21 | N/A | 3.7 LOW |
|
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.
|
|||||
| CVE-2022-41553 | 2 Hitachi, Linux | 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information.
This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.
|
|||||
| CVE-2022-40979 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.4 MEDIUM |
|
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
|
|||||
| CVE-2022-3191 | 2 Hitachi, Linux | 2 Ops Center Analyzer, Linux Kernel | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information.
This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00
|
|||||
| CVE-2022-39897 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
|
|||||
| CVE-2022-39893 | 1 Samsung | 1 Galaxy Buds Pro Manage | 2024-11-21 | N/A | 3.3 LOW |
|
Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.
|
|||||
| CVE-2022-39876 | 1 Samsung | 1 Reminder | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.
|
|||||
| CVE-2022-39874 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
|
|||||
| CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 7.5 HIGH |
|
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
|
|||||
| CVE-2022-39046 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
|
|||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2024-11-21 | N/A | 2.4 LOW |
|
Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.
|
|||||
| CVE-2022-38149 | 1 Hashicorp | 1 Consul Template | 2024-11-21 | N/A | 7.5 HIGH |
|
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.
|
|||||
| CVE-2022-38133 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 3.2 LOW |
|
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
|
|||||
| CVE-2022-36877 | 1 Samsung | 1 Samsung Members | 2024-11-21 | N/A | 2.8 LOW |
|
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.
|
|||||
| CVE-2022-36407 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
|
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virt ...
Show More |
|||||
| CVE-2022-36321 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.1 MEDIUM |
|
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
|
|||||
| CVE-2022-35719 | 1 Ibm | 1 Mq Internet Pass-thru | 2024-11-21 | N/A | 5.1 MEDIUM |
|
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.
|
|||||
| CVE-2022-34826 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | N/A | 5.9 MEDIUM |
|
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.
|
|||||
| CVE-2022-34570 | 1 Wavlink | 2 Wl-wn579x3, Wl-wn579x3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.
|
|||||
| CVE-2022-34369 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 8.1 HIGH |
|
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data.
|
|||||
| CVE-2022-33911 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information.
|
|||||
| CVE-2022-33737 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password
|
|||||
| CVE-2022-33697 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
|
|||||