Total
1064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24804 | 1 Cms-dev | 1 Cms | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.
|
|||||
| CVE-2020-24566 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to run on the server/worker, then (under certain circumstances) the account password is exposed in cleartext in the verbose task logs output.
|
|||||
| CVE-2020-24038 | 1 Eram | 6 Myfax150, Myfax150 Firmware, Myfax250 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
myFax version 229 logs sensitive information in the export log module which allows any user to access critical information.
|
|||||
| CVE-2020-23284 | 1 Mv | 1 Idce | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals internal and sensitive information without logging into the web application.
|
|||||
| CVE-2020-21933 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package.
|
|||||
| CVE-2020-1987 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 2.1 LOW | 3.9 LOW |
|
An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alto Networks Global Protect Agent 5.0 versions prior to 5.0.9; 5.1 versions prior to 5.1.1.
|
|||||
| CVE-2020-1942 | 1 Apache | 1 Nifi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and local flow was printed, potentially containing sensitive values in plaintext.
|
|||||
| CVE-2020-1928 | 1 Apache | 1 Nifi | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present.
|
|||||
| CVE-2020-1753 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Fedora, Ansible Engine and 1 more | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
|
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have a ...
Show More |
|||||
| CVE-2020-1698 | 1 Redhat | 1 Keycloak | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
|
A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality.
|
|||||
| CVE-2020-1624 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
|
|||||
| CVE-2020-1623 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. This issue affects all versions of Junos OS Evolved prior to 19.2R1.
|
|||||
| CVE-2020-1622 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. This issue affects all versions of Junos OS Evolved prior to 19.1R1.
|
|||||
| CVE-2020-1621 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
|
|||||
| CVE-2020-1620 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1.
|
|||||
| CVE-2020-15829 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
|
|||||
| CVE-2020-15581 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).
|
|||||
| CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level.
|
|||||
| CVE-2020-15370 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.
|
|||||
| CVE-2020-15095 | 3 Fedoraproject, Npmjs, Opensuse | 3 Fedora, Npm, Leap | 2024-11-21 | 1.9 LOW | 4.4 MEDIUM |
|
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
|
|||||
| CVE-2020-14470 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.
|
|||||
| CVE-2020-14332 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality.
|
|||||
| CVE-2020-14330 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
|
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality.
|
|||||
| CVE-2020-13881 | 4 Arista, Canonical, Debian and 1 more | 4 Cloudvision Portal, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
|
|||||
| CVE-2020-13830 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).
|
|||||
| CVE-2020-13223 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
|
|||||
| CVE-2020-11968 | 1 Evenroute | 2 Iqrouter, Iqrouter Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which has a required step for setting a secure password on the system), makes this CVE invalid. This vulnerability is “true for any unconfigured release of OpenWRT, and true of many other new Linux distros prior to being configured for th ...
Show More |
|||||
| CVE-2020-11932 | 1 Canonical | 1 Subiquity | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.
|
|||||
| CVE-2020-11646 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved for other users.
|
|||||
| CVE-2020-11643 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view information of devices belonging to foreign domains.
|
|||||
| CVE-2020-11605 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020).
|
|||||
| CVE-2020-11094 | 1 Octobercms | 1 Debugbar | 2024-11-21 | 6.8 MEDIUM | 6.1 MEDIUM |
|
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account t ...
Show More |
|||||
| CVE-2020-10763 | 2 Heketi Project, Redhat | 4 Heketi, Enterprise Linux, Gluster Storage and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.
|
|||||
| CVE-2020-10762 | 1 Redhat | 1 Gluster-block | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.
|
|||||
| CVE-2020-10752 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.
|
|||||
| CVE-2020-10750 | 1 Linuxfoundation | 1 Jaeger | 2024-11-21 | 2.1 LOW | 7.1 HIGH |
|
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
|
|||||
| CVE-2020-10712 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 6.4 MEDIUM | 7.0 HIGH |
|
A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was found to be logged by the image registry operator allowing an attacker able to gain access to those logs, to read and write to the storage backing the internal image registry. The highest threat from this vulnerability is to data integrity.
|
|||||
| CVE-2020-10052 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.
|
|||||
| CVE-2020-0476 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-162014574
|
|||||
| CVE-2020-0018 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
In MotionEntry::appendDescription of InputDispatcher.cpp, there is a possible log information disclosure. This could lead to local disclosure of user input with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139945049
|
|||||