Total
762 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39032 | 2 Ibm, Microsoft | 2 Sterling Gentran, Windows | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 213962. | |||||
| CVE-2021-3791 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. | |||||
| CVE-2021-39900 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
| Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. | |||||
| CVE-2021-37861 | 1 Mattermost | 1 Mattermost | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails. | |||||
| CVE-2022-0338 | 1 Loguru Project | 1 Loguru | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | |||||
| CVE-2021-40364 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system. | |||||
| CVE-2021-23046 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Guided Configuration | 2024-02-28 | 3.5 LOW | 4.9 MEDIUM |
| On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2020-21933 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. | |||||
| CVE-2021-22516 | 1 Microfocus | 1 Secure Api Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file. | |||||
| CVE-2021-28131 | 1 Apache | 1 Impala | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
| Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the attacker is able to execute statements for which they don't have the necessary privileges otherwise. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. Mitigation: If an Impala deployment uses Apache Sentry, Apache Ranger or audit logging, then users should upgrade to a version of Impala with the fix for IMPALA-10600. The Impala 4.0 release includes this fix. This hides session secrets from the logs to eliminate the risk of any attack using this mechanism. In lieu of an upgrade, restricting access to logs that expose secrets will reduce the risk of an attack. Restricting access to the Impala deployment to trusted users will also reduce the risk of an attack. Log redaction techniques can be used to redact secrets from the logs. | |||||
| CVE-2021-27019 | 1 Puppet | 2 Puppet Enterprise, Puppetdb | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| PuppetDB logging included potentially sensitive system information. | |||||
| CVE-2021-22219 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking. | |||||
| CVE-2021-32801 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. | |||||
| CVE-2021-32767 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
| TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability. | |||||
| CVE-2021-26908 | 1 Automox | 1 Automox | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent. | |||||
| CVE-2021-22024 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure. | |||||
| CVE-2021-39291 | 1 Netmodule | 16 Nb1600, Nb1601, Nb1800 and 13 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmware before 4.3.0.113, 4.4.0.111, and 4.5.0.105 are affected: NB800, NB1600, NB1601, NB1800, NB1810, NB2700, NB2710, NB2800, NB2810, NB3700, NB3701, NB3710, NB3711, NB3720, and NB3800. | |||||
| CVE-2021-21601 | 1 Dell | 2 Emc Data Protection Search, Emc Integrated Data Protection Appliance | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
| Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. | |||||
| CVE-2021-21546 | 1 Dell | 1 Emc Networker | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files. | |||||
| CVE-2021-3036 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to use the PAN-OS XML API and exists only when a client includes a duplicate API parameter in API requests. Logged information includes the cleartext username, password, and API key of the administrator making the PAN-OS XML API request. | |||||