Total
762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27896 | 1 Palantir | 1 Foundry Code-workbooks | 2024-02-28 | N/A | 7.5 HIGH |
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0. | |||||
CVE-2022-35719 | 1 Ibm | 1 Mq Internet Pass-thru | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user. | |||||
CVE-2022-33693 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 2.3 LOW |
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | |||||
CVE-2022-27895 | 1 Palantir | 1 Foundry Build2 | 2024-02-28 | N/A | 7.5 HIGH |
Information Exposure Through Log Files vulnerability discovered in Foundry when logs were captured using an underlying library known as Build2. This issue was present in versions earlier than 1.785.0. Upgrade to Build2 version 1.785.0 or greater. | |||||
CVE-2022-3018 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.9 MEDIUM |
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | |||||
CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2024-02-28 | N/A | 7.5 HIGH |
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | |||||
CVE-2022-32556 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | N/A | 7.5 HIGH |
An issue was discovered in Couchbase Server before 7.0.4. A private key is leaked to the log files with certain crashes. | |||||
CVE-2022-33688 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | |||||
CVE-2022-41553 | 2 Hitachi, Linux | 3 Infrastructure Analytics Advisor, Ops Center Analyzer, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00. | |||||
CVE-2022-36877 | 1 Samsung | 1 Samsung Members | 2024-02-28 | N/A | 3.3 LOW |
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. | |||||
CVE-2022-3499 | 1 Tenable | 1 Nessus | 2024-02-28 | N/A | 6.5 MEDIUM |
An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially allow for a scenario where unauthorized disclosure of agent logs and data is present. | |||||
CVE-2022-39876 | 1 Samsung | 1 Reminder | 2024-02-28 | N/A | 3.3 LOW |
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. | |||||
CVE-2022-38133 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases | |||||
CVE-2022-31674 | 1 Vmware | 1 Vrealize Operations | 2024-02-28 | N/A | 4.3 MEDIUM |
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure. | |||||
CVE-2022-34826 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | N/A | 5.9 MEDIUM |
In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. | |||||
CVE-2022-33737 | 1 Openvpn | 1 Openvpn Access Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password | |||||
CVE-2022-38149 | 1 Hashicorp | 1 Consul Template | 2024-02-28 | N/A | 7.5 HIGH |
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2. | |||||
CVE-2022-0718 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Oslo.utils, Openshift Container Platform and 1 more | 2024-02-28 | N/A | 4.9 MEDIUM |
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. | |||||
CVE-2021-32570 | 1 Ericsson | 1 Network Manager | 2024-02-28 | N/A | 4.9 MEDIUM |
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation. | |||||
CVE-2022-23716 | 1 Elastic | 1 Elastic Cloud Enterprise | 2024-02-28 | N/A | 5.3 MEDIUM |
A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. |