Total
762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-4472 | 1 Gitlab | 1 Gitlab | 2024-09-18 | N/A | 5.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs. | |||||
| CVE-2023-1904 | 1 Octopus | 1 Octopus Server | 2024-09-18 | N/A | 7.5 HIGH |
| In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server. | |||||
| CVE-2024-8775 | 2024-09-14 | N/A | 5.5 MEDIUM | ||
| A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions. | |||||
| CVE-2021-22518 | 2024-09-12 | N/A | 5.8 MEDIUM | ||
| A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | |||||
| CVE-2021-22533 | 2024-09-12 | N/A | 6.5 MEDIUM | ||
| Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | |||||
| CVE-2022-26322 | 2024-09-12 | N/A | 4.9 MEDIUM | ||
| Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200. | |||||
| CVE-2024-37286 | 1 Elastic | 1 Apm Server | 2024-09-11 | N/A | 6.5 MEDIUM |
| APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged. | |||||
| CVE-2023-49921 | 1 Elastic | 1 Elasticsearch | 2024-09-11 | N/A | 6.5 MEDIUM |
| An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical. | |||||
| CVE-2024-42344 | 1 Siemens | 1 Sinema Remote Connect Client | 2024-09-10 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data. | |||||
| CVE-2024-42349 | 1 Fogproject | 1 Fogproject | 2024-09-10 | N/A | 5.3 MEDIUM |
| FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47. | |||||
| CVE-2024-43781 | 2024-09-10 | N/A | 5.5 MEDIUM | ||
| A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC) <= V6.6), SINUMERIK ONE (All versions < V6.15 SP4 in connection with using Create MyConfig (CMC) <= V6.6). Affected systems, that have been provisioned with Create MyConfig (CMC), contain a Insertion of Sensitive Information into Log File vulnerability. This could allow a local authenticated user with low privileges to read sensitive information and thus circumvent access restrictions. | |||||
| CVE-2024-27784 | 1 Fortinet | 1 Fortiaiops | 2024-09-09 | N/A | 6.5 MEDIUM |
| Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. | |||||
| CVE-2024-38321 | 1 Ibm | 1 Business Automation Workflow | 2024-09-06 | N/A | 6.5 MEDIUM |
| IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. | |||||
| CVE-2024-20440 | 2024-09-05 | N/A | 7.5 HIGH | ||
| A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API. | |||||
| CVE-2024-23758 | 2024-09-04 | N/A | 7.5 HIGH | ||
| An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file. | |||||
| CVE-2024-8365 | 1 Hashicorp | 1 Vault | 2024-09-04 | N/A | 6.5 MEDIUM |
| Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. | |||||
| CVE-2024-40096 | 1 Rd Labs Llc | 1 Who | 2024-08-30 | N/A | 3.3 LOW |
| The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log. | |||||
| CVE-2022-4858 | 1 M-files | 1 M-files Server | 2024-08-28 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information into Log Files in M-Files Server before 22.10.11846.0 could allow to obtain sensitive tokens from logs, if specific configurations were set. | |||||
| CVE-2024-6977 | 1 Catonetworks | 1 Cato Client | 2024-08-27 | N/A | 6.5 MEDIUM |
| A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34. | |||||
| CVE-2024-42056 | 1 Retool | 1 Retool | 2024-08-26 | N/A | 6.5 MEDIUM |
| Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1. | |||||