Total
762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29071 | 1 Arista | 1 Cloudvision Portal | 2024-02-28 | N/A | 5.5 MEDIUM |
This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. | |||||
CVE-2022-20278 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-205130113 | |||||
CVE-2022-36321 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | N/A | 6.5 MEDIUM |
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases | |||||
CVE-2021-44862 | 1 Netskope | 1 Netskope | 2024-02-28 | N/A | 7.8 HIGH |
Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. | |||||
CVE-2022-28625 | 1 Hp | 1 Oneview | 2024-02-28 | N/A | 5.5 MEDIUM |
A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
CVE-2022-27893 | 1 Osisoft-pi-web-connector Project | 1 Osisoft-pi-web-connector | 2024-02-28 | N/A | 4.2 MEDIUM |
The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. | |||||
CVE-2022-40979 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable | |||||
CVE-2022-33911 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. | |||||
CVE-2022-44745 | 1 Acronis | 1 Cyber Protect Home Office | 2024-02-28 | N/A | 5.5 MEDIUM |
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||||
CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | N/A | 7.5 HIGH |
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | |||||
CVE-2022-39874 | 1 Samsung | 1 Account | 2024-02-28 | N/A | 5.5 MEDIUM |
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | |||||
CVE-2022-3191 | 2 Hitachi, Linux | 2 Ops Center Analyzer, Linux Kernel | 2024-02-28 | N/A | 5.5 MEDIUM |
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Strage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00 | |||||
CVE-2022-33687 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. | |||||
CVE-2022-25374 | 1 Hashicorp | 1 Terraform Enterprise | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1. | |||||
CVE-2022-25828 | 1 Samsung | 1 Watch Active Plugin | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
CVE-2022-25826 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log | |||||
CVE-2022-24757 | 1 Jupyter | 1 Jupyter Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds. | |||||
CVE-2022-24875 | 1 Cve | 1 Cve-services | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent versions of the software. Users of the software are advised to manually apply the `46d98f2b` commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate. | |||||
CVE-2022-30741 | 1 Samsung | 1 Find My Mobile | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | |||||
CVE-2022-28161 | 1 Brocade | 1 Sannav | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. |