Total
1064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10855 | 3 Canonical, Debian, Redhat | 6 Ubuntu Linux, Debian Linux, Ansible Engine and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
|
|||||
| CVE-2018-1000123 | 1 Ionicframework | 1 Ios Keychain | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf.
|
|||||
| CVE-2018-1000089 | 1 Django-anymail Project | 1 Django-anymail | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have ...
Show More |
|||||
| CVE-2018-1000060 | 1 Sensu | 1 Sensu Core | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after ...
Show More |
|||||
| CVE-2018-1000018 | 1 Ovirt | 1 Ovirt-hosted-engine-setup | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
|
|||||
| CVE-2018-0504 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
|
|||||
| CVE-2018-0335 | 1 Cisco | 1 Prime Collaboration | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
|
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602.
|
|||||
| CVE-2018-0042 | 1 Juniper | 1 Contrail Service Orchestration | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.
|
|||||
| CVE-2017-9278 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
|
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
|
|||||
| CVE-2017-9271 | 2 Fedoraproject, Opensuse | 2 Fedora, Zypper | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.
|
|||||
| CVE-2017-7434 | 1 Netiq | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
|
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
|
|||||
| CVE-2017-2621 | 2 Openstack, Redhat | 2 Heat, Openstack | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
|
|||||
| CVE-2017-2592 | 2 Canonical, Openstack | 2 Ubuntu Linux, Oslo.middleware | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
|
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
|
|||||
| CVE-2017-1795 | 1 Ibm | 1 Websphere Mq Managed File Transfer | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.
|
|||||
| CVE-2017-1733 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.
|
|||||
| CVE-2017-1727 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.
|
|||||
| CVE-2017-1480 | 1 Ibm | 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
|
|||||
| CVE-2017-1198 | 1 Ibm | 1 Bigfix Compliance | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673.
|
|||||
| CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
|
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
|
|||||
| CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
|
|||||
| CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 1.9 LOW | 2.5 LOW |
|
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
|
|||||
| CVE-2017-17675 | 1 Bmc | 1 Remedy Mid-tier | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.
|
|||||
| CVE-2017-15113 | 2 Ovirt, Redhat | 2 Ovirt, Virtualization | 2024-11-21 | 3.5 LOW | 7.2 HIGH |
|
ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues.
|
|||||
| CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
|
|||||
| CVE-2016-10526 | 1 Grunt-gh-pages Project | 1 Grunt-gh-pages | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.
|
|||||
| CVE-2016-0898 | 1 Vmware | 1 Pivotal Software Mysql | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
|
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
|
|||||
| CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 5.0 MEDIUM | 2.0 LOW |
|
All versions of unity-scope-gdrive logs search terms to syslog.
|
|||||
| CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
|
|||||
| CVE-2013-1771 | 1 Monkey-project | 1 Monkey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.
|
|||||
| CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Moodle before 2.2.2 has users' private files included in course backups
|
|||||
| CVE-2024-52940 | 2024-11-18 | N/A | 7.5 HIGH | ||
|
AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.
|
|||||
| CVE-2024-11193 | 2024-11-15 | N/A | 6.5 MEDIUM | ||
|
An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bind password. An attacker with log access could exploit this vulnerability to gain unauthorized access to the LDAP server, leading to potential exposure or compromise of ...
Show More |
|||||
| CVE-2024-51528 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
|
Vulnerability of improper log printing in the Super Home Screen module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-51753 | 2024-11-06 | N/A | N/A | ||
|
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-49750 | 1 Snowflake | 1 Snowflake Connector | 2024-11-06 | N/A | 5.5 MEDIUM |
|
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes (when specified via the `passcode` parameter) and Azure SAS tokens. Additionally, the SecretDetector logging formatter, if enabled, contained bugs which caused it to not fully redact JWT tokens and certain private key ...
Show More |
|||||
| CVE-2024-44205 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-05 | N/A | 5.5 MEDIUM |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A sandboxed app may be able to access sensitive user data in system logs.
|
|||||
| CVE-2024-10544 | 2024-11-01 | N/A | 5.3 MEDIUM | ||
|
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information about users contained in the exposed log files.
|
|||||
| CVE-2024-27849 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 3.3 LOW |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to read sensitive location information.
|
|||||
| CVE-2023-22649 | 1 Suse | 1 Rancher | 2024-10-30 | N/A | 6.5 MEDIUM |
|
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue.
|
|||||
| CVE-2024-40096 | 1 Rd Labs Llc | 1 Who | 2024-10-28 | N/A | 3.3 LOW |
|
The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log.
|
|||||