Total
762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0010 | 1 Abb | 5 Platform Engineering Tools, Qcs 800xa, Qcs 800xa Firmware and 2 more | 2024-02-28 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. | |||||
| CVE-2023-21492 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 4.4 MEDIUM |
| Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | |||||
| CVE-2021-3684 | 1 Redhat | 3 Enterprise Linux, Openshift Assisted Installer, Openshift Container Platform | 2024-02-28 | N/A | 5.5 MEDIUM |
| A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user. | |||||
| CVE-2023-31413 | 1 Elastic | 1 Filebeat | 2024-02-28 | N/A | 3.3 LOW |
| Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | |||||
| CVE-2023-33001 | 1 Jenkins | 1 Hashicorp Vault | 2024-02-28 | N/A | 7.5 HIGH |
| Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | |||||
| CVE-2022-39043 | 1 Juiker | 1 Juiker | 2024-02-28 | N/A | 2.4 LOW |
| Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts. | |||||
| CVE-2023-2878 | 1 Kubernetes | 1 Secrets-store-csi-driver | 2024-02-28 | N/A | 5.5 MEDIUM |
| Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | |||||
| CVE-2022-48228 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2024-02-28 | N/A | 5.5 MEDIUM |
| An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. | |||||
| CVE-2023-2514 | 1 Mattermost | 1 Mattermost | 2024-02-28 | N/A | 7.5 HIGH |
| Mattermost Sever fails to redact the DB username and password before emitting an application log during server initialization. | |||||
| CVE-2023-30618 | 1 Kitchen-terraform Project | 1 Kitchen-terraform | 2024-02-28 | N/A | 3.3 LOW |
| Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28630 | 1 Thoughtworks | 1 Gocd | 2024-02-28 | N/A | 4.4 MEDIUM |
| GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The vulnerability is triggered only if the GoCD server host is misconfigured to have backups enabled, but does not have access to the `pg_dump` or `mysqldump` utility tools to backup the configured database type (PostgreSQL or MySQL respectively). In such cases, failure to launch the expected backup utility reports the shell environment used to attempt to launch in the server admin alert, which includes the plaintext database password supplied to the configured tool. This vulnerability does not affect backups of the default on-disk H2 database that GoCD is configured to use. This issue has been addressed and fixed in GoCD 23.1.0. Users are advised to upgrade. Users unable to upgrade may disable backups, or administrators should ensure that the required `pg_dump` (PostgreSQL) or `mysqldump` (MySQL) binaries are available on the GoCD server when backups are triggered. | |||||
| CVE-2022-48435 | 1 Jetbrains | 1 Phpstorm | 2024-02-28 | N/A | 3.3 LOW |
| In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file | |||||
| CVE-2023-20859 | 1 Vmware | 3 Spring Cloud Config, Spring Cloud Vault, Spring Vault | 2024-02-28 | N/A | 5.5 MEDIUM |
| In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | |||||
| CVE-2023-28441 | 1 Invernyx | 1 Smartcars 3 | 2024-02-28 | N/A | 7.5 HIGH |
| smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly. | |||||
| CVE-2022-43772 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-02-28 | N/A | 6.5 MEDIUM |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. | |||||
| CVE-2023-1550 | 1 F5 | 2 Nginx Agent, Nginx Instance Manager | 2024-02-28 | N/A | 5.5 MEDIUM |
| Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring. | |||||
| CVE-2022-39897 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. | |||||
| CVE-2023-22733 | 1 Shopware | 1 Shopware | 2024-02-28 | N/A | 6.5 MEDIUM |
| Shopware is an open source commerce platform based on Symfony Framework and Vue js. In affected versions the log module would write out all kind of sent mails. An attacker with access to either the local system logs or a centralized logging store may have access to other users accounts. This issue has been addressed in version 6.4.18.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. Users unable to upgrade may remove from all users the log module ACL rights or disable logging. | |||||
| CVE-2021-36544 | 1 Tpcms Project | 1 Tpcms | 2024-02-28 | N/A | 7.5 HIGH |
| Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | |||||
| CVE-2022-43930 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-02-28 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. | |||||