Vulnerabilities (CVE)

Filtered by CWE-532
Total 762 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27636 2 F5, Microsoft 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows 2024-02-28 2.1 LOW 5.5 MEDIUM
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-25823 1 Samsung 1 Galaxy Watch Plugin 2024-02-28 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.
CVE-2022-29810 1 Hashicorp 1 Go-getter 2024-02-28 2.1 LOW 5.5 MEDIUM
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
CVE-2022-25829 1 Samsung 1 Watch Active2 Plugin 2024-02-28 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attackers to access password information of the connected WiFiAp in the log.
CVE-2021-43271 1 Riverbed 1 Appresponse 2024-02-28 7.1 HIGH 6.8 MEDIUM
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.)
CVE-2022-27442 1 Tpcms Project 1 Tpcms 2024-02-28 5.0 MEDIUM 7.5 HIGH
TPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
CVE-2022-30733 1 Samsung 1 Account 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission.
CVE-2022-31098 1 Weave 1 Weave Gitops 2024-02-28 4.3 MEDIUM 7.5 HIGH
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability.
CVE-2022-25518 1 Tecnoteca 1 Cmdbuild 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table.
CVE-2022-20651 1 Cisco 1 Adaptive Security Device Manager 2024-02-28 2.1 LOW 5.5 MEDIUM
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.
CVE-2021-45103 1 Wisc 1 Htcondor 2024-02-28 5.5 MEDIUM 8.1 HIGH
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.
CVE-2021-39739 1 Google 1 Android 2024-02-28 2.1 LOW 3.3 LOW
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-184525194
CVE-2021-25009 1 Correosexpress Project 1 Correosexpress 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible and contain sensitive information such as sender/receiver names, phone numbers, and physical and email addresses.
CVE-2022-28859 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2022-30148 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2024-02-28 2.1 LOW 5.5 MEDIUM
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability
CVE-2022-29869 3 Debian, Fedoraproject, Samba 3 Debian Linux, Fedora, Cifs-utils 2024-02-28 4.3 MEDIUM 5.3 MEDIUM
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
CVE-2022-26907 1 Microsoft 1 Azure Sdk For .net 2024-02-28 4.0 MEDIUM 5.3 MEDIUM
Azure SDK for .NET Information Disclosure Vulnerability
CVE-2022-27192 1 Asseco 1 Dvs Avilys 2024-02-28 5.0 MEDIUM 7.5 HIGH
The Reporting module in Asseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.
CVE-2022-20806 1 Cisco 1 Telepresence Video Communication Server 2024-02-28 5.5 MEDIUM 7.1 HIGH
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-30742 1 Samsung 1 Find My Mobile 2024-02-28 2.1 LOW 3.3 LOW
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get SIM card information through the device log.