Total: 762 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24024 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' passwords in log files. | |||||
CVE-2021-31546 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data. | |||||
CVE-2021-21558 | 1 Dell | 1 Emc Networker | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. | |||||
CVE-2021-35299 | 1 Zammad | 1 Zammad | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. | |||||
CVE-2021-23924 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | |||||
CVE-2021-29759 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2024-02-28 | 2.1 LOW | 2.3 LOW |
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. | |||||
CVE-2021-22929 | 1 Brave | 1 Brave | 2024-02-28 | 3.6 LOW | 6.1 MEDIUM |
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages included timestamps of connections to V2 onion domains in tor.log. | |||||
CVE-2021-25421 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows an attacker with log permissions to leak the Wi-Fi password connected to the user's smartphone within the log. | |||||
CVE-2021-27022 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | |||||
CVE-2021-3425 | 1 Redhat | 1 Jboss A-mq | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable. | |||||
CVE-2021-26999 | 1 Netapp | 1 Cloud Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | |||||
CVE-2021-20178 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in an ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. | |||||
CVE-2021-20191 | 2 Oracle, Redhat | 8 Virtualization, Ansible, Ansible Tower and 5 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. | |||||
CVE-2021-25423 | 1 Samsung | 1 Watch Active2 Plugin | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper log management vulnerability in Watch Active2 PlugIn prior to version 2.2.08.21033151 allows an attacker with log permissions to leak the Wi-Fi password connected to the user's smartphone via the log. | |||||
CVE-2020-23284 | 1 Mv | 1 Idce | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages at the end of the application URL that connect to the database, which reveals internal and sensitive information without logging into the web application. | |||||
CVE-2021-3447 | 2 Fedoraproject, Redhat | 3 Fedora, Ansible, Ansible Tower | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. | |||||
CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | |||||
CVE-2021-34689 | 2 Idrive, Microsoft | 2 Remotepc, Windows | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files. | |||||
CVE-2021-32074 | 1 Hashicorp | 1 Vault-action | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking. | |||||
CVE-2021-25420 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows an attacker with log permissions to leak the Wi-Fi password connected to the user's smartphone within the log. |