Total
1064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33693 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.0 LOW |
|
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
|
|||||
| CVE-2022-33688 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
|
|||||
| CVE-2022-33687 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
|
|||||
| CVE-2022-33187 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in
debug-enabled logs. The vulnerability could allow an attacker with admin
privilege to read sensitive information.
|
|||||
| CVE-2022-32565 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
|
|||||
| CVE-2022-32556 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes.
|
|||||
| CVE-2022-32254 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.
|
|||||
| CVE-2022-32193 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.
|
|||||
| CVE-2022-31239 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data.
|
|||||
| CVE-2022-31186 | 1 Next-auth | 1 Nextauth.js | 2024-11-21 | N/A | 3.3 LOW |
|
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.1 ...
Show More |
|||||
| CVE-2022-31119 | 1 Nextcloud | 1 Mail | 2024-11-21 | N/A | 3.1 LOW |
|
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtainable. It is recommended that the Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misco ...
Show More |
|||||
| CVE-2022-31098 | 1 Weave | 1 Weave Gitops | 2024-11-21 | 4.3 MEDIUM | 9.0 CRITICAL |
|
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfg, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive config ...
Show More |
|||||
| CVE-2022-31047 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
|
|||||
| CVE-2022-30742 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log.
|
|||||
| CVE-2022-30741 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.
|
|||||
| CVE-2022-30733 | 1 Samsung | 1 Account | 2024-11-21 | 5.0 MEDIUM | 4.0 MEDIUM |
|
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.
|
|||||
| CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2024-11-21 | N/A | 4.1 MEDIUM |
|
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
|
|||||
| CVE-2022-29928 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
|
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
|
|||||
| CVE-2022-29869 | 3 Debian, Fedoraproject, Samba | 3 Debian Linux, Fedora, Cifs-utils | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
|
|||||
| CVE-2022-29810 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
|
|||||
| CVE-2022-29550 | 1 Qualys | 1 Cloud Agent | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circumstances in which qualys-cloud-agent-scan.log can be read by a user other than root; however, the file contents could be exposed through site-specific operational practices. The vendor does NOT characterize this as a vulne ...
Show More |
|||||
| CVE-2022-29071 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | N/A | 4.0 MEDIUM |
|
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users.
|
|||||
| CVE-2022-28859 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2022-28625 | 1 Hp | 1 Oneview | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.
|
|||||
| CVE-2022-28161 | 1 Brocade | 1 Sannav | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.
|
|||||
| CVE-2022-27896 | 1 Palantir | 1 Foundry Code-workbooks | 2024-11-21 | N/A | 4.2 MEDIUM |
|
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.
|
|||||
| CVE-2022-27895 | 1 Palantir | 1 Foundry Build2 | 2024-11-21 | N/A | 4.2 MEDIUM |
|
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater.
|
|||||
| CVE-2022-27893 | 1 Osisoft-pi-web-connector Project | 1 Osisoft-pi-web-connector | 2024-11-21 | N/A | 4.2 MEDIUM |
|
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0.
|
|||||
| CVE-2022-27888 | 1 Palantir | 1 Foundry Issues | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.
|
|||||
| CVE-2022-27636 | 2 F5, Microsoft | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
|
|||||
| CVE-2022-27599 | 1 Qnap | 1 Qvr Pro Client | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.
We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later
|
|||||
| CVE-2022-27549 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
HCL Launch may store certain data for recurring activities in a plain text format.
|
|||||
| CVE-2022-27442 | 1 Tpcms Project | 1 Tpcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
|
|||||
| CVE-2022-27192 | 1 Asseco | 1 Dvs Avilys | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.
|
|||||
| CVE-2022-26907 | 1 Microsoft | 1 Azure Sdk For .net | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
Azure SDK for .NET Information Disclosure Vulnerability
|
|||||
| CVE-2022-25830 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||
| CVE-2022-25829 | 1 Samsung | 1 Watch Active2 Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||
| CVE-2022-25828 | 1 Samsung | 1 Watch Active Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||
| CVE-2022-25827 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||
| CVE-2022-25826 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-11-21 | 2.1 LOW | 1.9 LOW |
|
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log
|
|||||