Total: 1064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25422 | 1 Samsung | 1 Watch Active Plugin | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
|
|||||
| CVE-2021-25421 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
|
|||||
| CVE-2021-25420 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
|
|||||
| CVE-2021-25350 | 2 Google, Samsung | 2 Android, Account | 2024-11-21 | 2.1 LOW | 2.0 LOW |
|
Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.
|
|||||
| CVE-2021-25284 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 1.9 LOW | 4.4 MEDIUM |
|
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
|
|||||
| CVE-2021-25009 | 1 Correosexpress Project | 1 Correosexpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible and contain sensitive information such as sender/receiver names, phone numbers, and physical and email addresses.
|
|||||
| CVE-2021-24024 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
|
|||||
| CVE-2021-23924 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files.
|
|||||
| CVE-2021-23046 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-11-21 | 3.5 LOW | 4.9 MEDIUM |
|
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2021-22929 | 1 Brave | 1 Brave | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
|
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages included timestamps of connections to V2 onion domains in tor.log.
|
|||||
| CVE-2021-22516 | 1 Microfocus | 1 Secure Api Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.
|
|||||
| CVE-2021-22310 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
There is an information leakage vulnerability in some Huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00, V500R001C20, V500R001C30; NIP6600 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6300 versions V500R001C00, V500R001C20, V500R001C30; Secospace USG6500 versions V500 ...
|
|||||
| CVE-2021-22219 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
|
All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
|
|||||
| CVE-2021-22184 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
|
|||||
| CVE-2021-22143 | 1 Elastic | 1 Apm .net Agent | 2024-11-21 | N/A | 2.1 LOW |
|
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers will not be sanitized before being sent.
|
|||||
| CVE-2021-22133 | 1 Elastic | 1 Apm Agent | 2024-11-21 | 2.7 LOW | 2.4 LOW |
|
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.
|
|||||
| CVE-2021-22030 | 1 Greenplum | 1 Greenplum | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In versions of Greenplum database prior to 5.28.14 and 6.17.0, the execution of certain statements led to the storage of sensitive (credential) information in the logs of the database. A malicious user with access to logs can read sensitive (credential) information about users.
|
|||||
| CVE-2021-22024 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure.
|
|||||
| CVE-2021-21722 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-T_V0032.1.1.04_jiangsuTelecom.
|
|||||
| CVE-2021-21601 | 1 Dell | 2 Emc Data Protection Search, Emc Integrated Data Protection Appliance | 2024-11-21 | 2.1 LOW | 8.8 HIGH |
|
Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account.
|
|||||
| CVE-2021-21598 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-11-21 | 2.1 LOW | 3.9 LOW |
|
Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files.
|
|||||
| CVE-2021-21597 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-11-21 | 2.1 LOW | 7.2 HIGH |
|
Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files.
|
|||||
| CVE-2021-21561 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.
|
|||||
| CVE-2021-21558 | 1 Dell | 1 Emc Networker | 2024-11-21 | 2.1 LOW | 8.2 HIGH |
|
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain.
|
|||||
| CVE-2021-21546 | 1 Dell | 1 Emc Networker | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
Dell EMC NetWorker versions 18.x, 19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.
|
|||||
| CVE-2021-21361 | 1 Vagrant Project | 1 Vagrant | 2024-11-21 | 3.3 LOW | 5.3 MEDIUM |
|
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0.
|
|||||
| CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
|
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.
|
|||||
| CVE-2021-20359 | 1 Ibm | 1 Cloud Pak For Automation | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
|
|||||
| CVE-2021-20191 | 2 Oracle, Redhat | 8 Virtualization, Ansible, Ansible Tower and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
|
|||||
| CVE-2021-20180 | 1 Redhat | 1 Ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
|
|||||
| CVE-2021-20178 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
|
|||||
| CVE-2021-20129 | 1 Draytek | 1 Vigorconnect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.
|
|||||
| CVE-2021-1442 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of sensitive information. An attacker with low privileges could exploit this vulnerability by issuing the diagnostic CLI show pnp profile when a specific PnP listener is enabled on the device. A successful ...
|
|||||
| CVE-2021-1226 | 1 Cisco | 5 Emergency Responder, Prime License Manager, Unified Communications Manager and 2 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker ...
|
|||||
| CVE-2021-0997 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java, there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191086488.
|
|||||
| CVE-2021-0991 | 1 Google | 1 Android | 2024-11-21 | 2.7 LOW | 2.4 LOW |
|
In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-181588752.
|
|||||
| CVE-2021-0549 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-183961896.
|
|||||
| CVE-2021-0148 | 1 Intel | 36 Ssd D-s4510, Ssd D-s4510 Firmware, Ssd D5-p4320 and 33 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.
|
|||||
| CVE-2020-9486 | 1 Apache | 1 Nifi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
|
|||||
| CVE-2020-8566 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
|
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
|
|||||