Total: 762 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37760 | 1 Graylog | 1 Graylog | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). | |||||
CVE-2021-21598 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-02-28 | 2.1 LOW | 3.9 LOW |
Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnerability. An authenticated attacker with physical access to the system could exploit this vulnerability to read sensitive Smartcard data in log files. | |||||
CVE-2021-3037 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 2.1 LOW | 2.3 LOW |
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS configuration to the destination server. | |||||
CVE-2021-22184 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. | |||||
CVE-2021-25422 | 1 Samsung | 1 Watch Active Plugin | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows an attacker with log permissions to leak the Wi-Fi password connected to the user's smartphone within the log. | |||||
CVE-2021-20536 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-02-28 | 2.1 LOW | 6.2 MEDIUM |
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | |||||
CVE-2021-37759 | 1 Graylog | 1 Graylog | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). | |||||
CVE-2021-3039 | 1 Paloaltonetworks | 1 Prisma Cloud | 2024-02-28 | 5.5 MEDIUM | 3.8 LOW |
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412. | |||||
CVE-2021-0549 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-183961896 | |||||
CVE-2021-26998 | 1 Netapp | 1 Cloud Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information that is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | |||||
CVE-2021-3528 | 1 Redhat | 1 Noobaa-operator | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration. | |||||
CVE-2021-21597 | 1 Dell | 4 Wyse 3040 Thin Client, Wyse 5070 Thin Client, Wyse 5470 Thin Client and 1 more | 2024-02-28 | 2.1 LOW | 3.9 LOW |
Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authenticated malicious user with physical access to the system could exploit this vulnerability to read sensitive information written to the log files. | |||||
CVE-2020-24038 | 1 Eram | 6 Myfax150, Myfax150 Firmware, Myfax250 and 3 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
myFax version 229 logs sensitive information in the export log module which allows any user to access critical information. | |||||
CVE-2017-17675 | 1 Bmc | 1 Remedy Mid-tier | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data. | |||||
CVE-2021-36278 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. | |||||
CVE-2020-9486 | 1 Apache | 1 Nifi | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. | |||||
CVE-2021-20359 | 1 Ibm | 1 Cloud Pak For Automation | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966. | |||||
CVE-2020-4900 | 1 Ibm | 1 Business Automation Workflow | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. | |||||
CVE-2020-8563 | 1 Kubernetes | 1 Kubernetes | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. | |||||
CVE-2020-26199 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-02-28 | 2.1 LOW | 6.7 MEDIUM |
Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user's credentials password (including that of the Unisphere admin privilege user) is stored in plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user. |